Malware Analysis Report

2025-01-23 13:54

Sample ID 241214-zh7cesvrap
Target The-MALWARE-Repo-master.zip
SHA256 b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1
Tags
defense_evasion discovery evasion persistence privilege_escalation trojan bootkit phishing macro upx aspackv2 macro_on_action geforce host stealer guest darkcomet njrat modiloader remcos revengerat wipelock
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1

Threat Level: Known bad

The file The-MALWARE-Repo-master.zip was found to be: Known bad.

Malicious Activity Summary

defense_evasion discovery evasion persistence privilege_escalation trojan bootkit phishing macro upx aspackv2 macro_on_action geforce host stealer guest darkcomet njrat modiloader remcos revengerat wipelock

Revengerat family

Wipelock family

Modifies WinLogon for persistence

Modiloader family

UAC bypass

RevengeRat Executable

ModiLoader First Stage

Darkcomet family

Remcos family

Wipelock Android payload

Njrat family

Disables Task Manager via registry modification

Office macro that triggers on suspicious action

Disables RegEdit via registry modification

Suspicious Office macro

ASPack v2.12-2.42

Checks computer location settings

Modifies system executable filetype association

A potential corporate email address has been identified in the URL: [email protected]

Declares broadcast receivers with permission to handle system events

Drops desktop.ini file(s)

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Declares services with permission to bind to the system

Requests dangerous framework permissions

UPX packed file

Drops file in System32 directory

AutoIT Executable

Drops file in Program Files directory

Drops file in Windows directory

Resource Forking

Unsigned PE

Access Token Manipulation: Create Process with Token

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

NSIS installer

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: SetClipboardViewer

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Modifies Control Panel

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Runs regedit.exe

Suspicious use of FindShellTrayWindow

Modifies registry class

System policy modification

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-14 20:45

Signatures

Darkcomet family

darkcomet

ModiLoader First Stage

Description Indicator Process Target
N/A N/A N/A N/A

Modiloader family

modiloader

Njrat family

njrat

Remcos family

remcos

RevengeRat Executable

stealer
Description Indicator Process Target
N/A N/A N/A N/A

Revengerat family

revengerat

Wipelock Android payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Wipelock family

wipelock

Office macro that triggers on suspicious action

macro macro_on_action
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious Office macro

macro
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. android.permission.BIND_WALLPAPER N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:50

Platform

win7-20240903-en

Max time kernel

23s

Max time network

35s

Command Line

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\mrsmajor\\Launcher.vbs\"" C:\Windows\System32\wscript.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\System32\wscript.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1" C:\Windows\System32\wscript.exe N/A

Disables Task Manager via registry modification

evasion

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon C:\Windows\System32\wscript.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\A: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\mrsmajor\CPUUsage.vbs C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\WinLogon.bat C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\def_resource\creepysound.mp3 C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\def_resource\f11.mp4 C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\Icon_resource\SkullIco.ico C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\MrsMjrGui.exe C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\Doll_patch.xml C:\Windows\System32\wscript.exe N/A
File created C:\Program Files\mrsmajor\default.txt C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\def_resource\@Tile@@.jpg C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\DreS_X.bat C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\mrsmajorlauncher.vbs C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\CPUUsage.vbs C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\def_resource\Skullcur.cur C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\Launcher.vbs C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\MrsMjrGuiLauncher.bat C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\reStart.vbs C:\Windows\system32\wscript.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\System32\wscript.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\Cursors C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" C:\Windows\System32\wscript.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\shutdown.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\shutdown.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3060 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe C:\Windows\system32\wscript.exe
PID 3060 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe C:\Windows\system32\wscript.exe
PID 3060 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe C:\Windows\system32\wscript.exe
PID 3060 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe C:\Windows\system32\wscript.exe
PID 2724 wrote to memory of 2956 N/A C:\Windows\system32\wscript.exe C:\Windows\System32\notepad.exe
PID 2724 wrote to memory of 2956 N/A C:\Windows\system32\wscript.exe C:\Windows\System32\notepad.exe
PID 2724 wrote to memory of 2956 N/A C:\Windows\system32\wscript.exe C:\Windows\System32\notepad.exe
PID 2724 wrote to memory of 2924 N/A C:\Windows\system32\wscript.exe C:\Windows\System32\wscript.exe
PID 2724 wrote to memory of 2924 N/A C:\Windows\system32\wscript.exe C:\Windows\System32\wscript.exe
PID 2724 wrote to memory of 2924 N/A C:\Windows\system32\wscript.exe C:\Windows\System32\wscript.exe
PID 2924 wrote to memory of 2700 N/A C:\Windows\System32\wscript.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PID 2924 wrote to memory of 2700 N/A C:\Windows\System32\wscript.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PID 2924 wrote to memory of 2700 N/A C:\Windows\System32\wscript.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PID 2924 wrote to memory of 2700 N/A C:\Windows\System32\wscript.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PID 2924 wrote to memory of 304 N/A C:\Windows\System32\wscript.exe C:\Windows\System32\shutdown.exe
PID 2924 wrote to memory of 304 N/A C:\Windows\System32\wscript.exe C:\Windows\System32\shutdown.exe
PID 2924 wrote to memory of 304 N/A C:\Windows\System32\wscript.exe C:\Windows\System32\shutdown.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system C:\Windows\System32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\System32\wscript.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\B5B9.vbs

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" "C:\Program files\mrsmajor\mrsmajorlauncher.vbs" RunAsAdministrator

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"

C:\Windows\System32\shutdown.exe

"C:\Windows\System32\shutdown.exe" -r -t 03

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\B5B9.vbs

MD5 5706bc5d518069a3b2be5e6fac51b12f
SHA1 d7361f3623ecf05e63bb97cc9da8d5c50401575c
SHA256 8a74eead47657582c84209eb4cdba545404d9c67dd288c605515a86e06de0aad
SHA512 fb68727db0365ab10c5b0d5e5e1d44b95aa38806e33b0af3280abcefae83f30eb8252653e158ac941320f3b38507649cce41898c8511223ee8642339cfece047

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\CPUUsage.vbs

MD5 0e4c01bf30b13c953f8f76db4a7e857d
SHA1 b8ddbc05adcf890b55d82a9f00922376c1a22696
SHA256 28e69e90466034ce392e84db2bde3ad43ad556d12609e3860f92016641b2a738
SHA512 5e66e2793e7bc88066b8df3dccb554351287dea18207e280b69d7798ecd5cdc99bd4c126c3e394db9f45f54bb561e6688f928de4f638c5eca4f101dc2cea54a1

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\default.txt

MD5 30cfd8bb946a7e889090fb148ea6f501
SHA1 c49dbc93f0f17ff65faf3b313562c655ef3f9753
SHA256 e1ebbd3abfcaddf7d6960708f3ccd8eda64c944723f0905ff76551c692b94210
SHA512 8e7d98e6d0c05d199114d2d6ab8da886aed68de690c4d79643868eaf051c229fff94c88d937adb3da5e31fe48116613cf79dd00dda30f296746ce0a8aded9fe2

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\def_resource\creepysound.mp3

MD5 4a9b1d8a8fe8a75c81ddba3e411ddc5d
SHA1 e40cb1ee4490f6d7520902e12222446a8efbf9a8
SHA256 79e9a3611494b5ffafaa79788ba7e11dd218e3800c40b56684ccc0c33ab64eac
SHA512 e7a28acb04ca33d57efe0474bb67d6d4b8ceff9198198b81574c76c835d5df05d113fc468f4a4434580b1b58189f38184c376976604dc05d1424af1721995601

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\def_resource\@Tile@@.jpg

MD5 3e21bcf0d1e7f39d8b8ec2c940489ca2
SHA1 fa6879a984d70241557bb0abb849f175ace2fd78
SHA256 064f135fcc026a574552f42901b51052345f4b0f122edd7acd5f2dcc023160a5
SHA512 5577e20f76d6b1cccc513392532a09bdc6dcd3a8a177b8035dc5d7eb082e0093436068f92059e301c5987e6122c4d9aff3e5ae9cc94ccc1ecc9951e2785b0922

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\def_resource\f11.mp4

MD5 17042b9e5fc04a571311cd484f17b9eb
SHA1 585d91c69c3f9e3d2e8cb8cf984871d89cc4adbb
SHA256 a9b0f1f849e0b41924f5e80b0c4948e63fc4b4f335bbdf0f997b03a3aff55424
SHA512 709076c6cef8dd61701c93e1fe331d2b1a218498b833db10ee4d2be0816e3444aeebfa092ab1bd10322617cf3385414e8fdb76fd90f25b44ac24d38937b4d47f

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\def_resource\Skullcur.cur

MD5 cea57c3a54a04118f1db9db8b38ea17a
SHA1 112d0f8913ff205776b975f54639c5c34ce43987
SHA256 d2b6db8b28112da51e34972dec513278a56783d24b8b5408f11997e9e67d422b
SHA512 561860907fa2f53c7853094299758232a70c0cd22c6df3534abd094c6970f28792c6c334a33b129d661a46930d90fd8c98f11cb34f3e277cf20a355b792f64f0

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\DreS_X.bat

MD5 ba81d7fa0662e8ee3780c5becc355a14
SHA1 0bd3d86116f431a43d02894337af084caf2b4de1
SHA256 2590879a8cd745dbbe7ad66a548f31375ccfb0f8090d56b5e4bd5909573ac816
SHA512 0b768995187f988dc15d055f9689cee3ab3908d10b05a625b40d9757c101e067bbd6067ccbcf1951ebb683f5259eec562802ea6161d59475ce86cf6bc7c957f2

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\Launcher.vbs

MD5 b5a1c9ae4c2ae863ac3f6a019f556a22
SHA1 9ae506e04b4b7394796d5c5640b8ba9eba71a4a6
SHA256 6f0bb8cc239af15c9215867d6225c8ff344052aaa0deeb3452dbf463b8c46529
SHA512 a644c48562e38190720fb55a6c6e7d5ccfab60f362236fe7d63caebdc01758f17196d123fb37bd11f7e247ce8ab21812165b27496d3bd6ca5e2c5efefab8fb03

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\mrsmajorlauncher.vbs

MD5 e3fdf285b14fb588f674ebfc2134200c
SHA1 30fba2298b6e1fade4b5f9c8c80f7f1ea07de811
SHA256 4d3aa3ecd16a6ba46a9d6c0bdacdcd9dce70d93585941a94e544696e3e6f7d92
SHA512 9b0bfbb07c77d9e9979a6c0f88b0a93010133f7dd3cf01e1de5dfbe812a5ed920e916d16d6a32fe21b9ee4b5425e61a616ded1aeeb35a410d4f77c0f9392ed0a

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\MrsMjrGui.exe

MD5 450f49426b4519ecaac8cd04814c03a4
SHA1 063ee81f46d56544a5c217ffab69ee949eaa6f45
SHA256 087fca40e079746b9c1dfaf777d3994c0321ea8f69d08238cdfc02fb109add1d
SHA512 0cae15d863120f4edc6b6dabfe2f0f3d2e028057025d7d5ffe615cde8144f29bdaf099850e91e101e95d13f8a83cb1410a06172dda25a5f92967abcbc8453cbc

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\MrsMjrGuiLauncher.bat

MD5 c7146f88f4184c6ee5dcf7a62846aa23
SHA1 215adb85d81cc4130154e73a2ab76c6e0f6f2ff3
SHA256 47e6c9f62ffc41fbc555f8644ad099a96573c8c023797127f78b1a952ca1b963
SHA512 3b30fa1334b88af3e3382813d316104e3698173bb159c20ff3468cf3494ecfbbc32a9ae78b4919ecd47c05d506435af4a7ccee0576c0d0018a81fbd1b2dfcf10

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\WinLogon.bat

MD5 870bce376c1b71365390a9e9aefb9a33
SHA1 176fdbdb8e5795fb5fddc81b2b4e1d9677779786
SHA256 2798dad008f62aace1841edfb43146147a9cade388c419c96da788fcaa2f76bc
SHA512 f17c9898f81387daf42c9b858f507889919474ac2a17f96fc6d4606be94327e0b941b23a3ccc3f4af92b8abc0522e94745616da0564cdef1c3f20ee17ee31f53

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\reStart.vbs

MD5 0851e8d791f618daa5b72d40e0c8e32b
SHA1 80bea0443dc4cc508e846fefdb9de6c44ad8ff91
SHA256 2cbd8bc239c5cfc3ef02f8472d867dff61e5aed9fde8a3823cda28cc37d77722
SHA512 57a9d1d75dbbab842060b29f01958f7e6b27d0175ff9a3f7b97e423c1b4e3fae94547a569c2e5c88224fc5dcc785f5a1d49c61199a8c7b3afeb4fc520600df40

C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\Icon_resource\SkullIco.ico

MD5 c7bf05d7cb3535f7485606cf5b5987fe
SHA1 9d480d6f1e3f17d5018c1d2f4ae257ae983f0bb5
SHA256 4c1cfbe274f993941ac5fa512c376b6d7344800fb8be08cc6344e6c16a418311
SHA512 d30952a75d94dd64b7bd253ed72810690f3550f2262cfaaef45854fc8334f6201a8cbafb9b175c6435f7ce0499567f2fa8667b4b0046bfb651bf61eb4278e6c8

C:\Users\Admin\Desktop\MRS MAJOR WANTS TO MEET YOU 5.txt

MD5 e20f623b1d5a781f86b51347260d68a5
SHA1 7e06a43ba81d27b017eb1d5dcc62124a9579f96e
SHA256 afeebe824fc4a955a673d3d8569a0b49dfbc43c6cc1d4e3d66d9855c28a7a179
SHA512 2e74cccdd158ce1ffde84573d43e44ec6e488d00282a661700906ba1966ad90968a16c405a9640b9d33db03b33753733c9b7078844b0f6ac3af3de0c3c044c0b

memory/2700-117-0x0000000004800000-0x000000000480A000-memory.dmp

memory/2700-116-0x0000000004800000-0x000000000480A000-memory.dmp

memory/2700-121-0x0000000004890000-0x000000000489A000-memory.dmp

memory/2700-120-0x0000000004890000-0x000000000489A000-memory.dmp

memory/2700-118-0x0000000004800000-0x000000000480A000-memory.dmp

memory/2700-119-0x0000000004800000-0x000000000480A000-memory.dmp

memory/2700-123-0x0000000004800000-0x000000000480A000-memory.dmp

memory/2700-122-0x0000000004800000-0x000000000480A000-memory.dmp

memory/2700-124-0x0000000004800000-0x000000000480A000-memory.dmp

memory/2700-125-0x0000000004800000-0x000000000480A000-memory.dmp

memory/2700-126-0x0000000004890000-0x000000000489A000-memory.dmp

memory/2700-128-0x0000000004890000-0x000000000489A000-memory.dmp

C:\Users\Public\Music\Sample Music\AlbumArtSmall.jpg

MD5 1c6a4f664e8e18eba1a5b61ac4dde46f
SHA1 f09e10bc312f20ccd61c65c892666677d54d2282
SHA256 ccc20b7b3b29325db0a0b1c2127c12d8a1c019ca159505a96cbcbc89701702f9
SHA512 3ff32e45c7b0c1f38d5296c0a1ed6a87c987d1b5a4fd0efed2aacbce0794a8f804ec985891bf03ed1ec4bf03b18b25b9717a2aa405dc45aadae4b2b30d6012a6

C:\Users\Admin\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{F904B542-829D-4E13-84D6-7FA170A471DB}.jpg

MD5 35e787587cd3fa8ed360036c9fca3df2
SHA1 84c76a25c6fe336f6559c033917a4c327279886d
SHA256 98c49a68ee578e10947209ebc17c0ad188ed39c7d0c91a2b505f317259c0c9b2
SHA512 aeec3eed5a52670f4cc35935005bb04bb435964a1975e489b8e101adfbce278142fd1a6c475860b7ccb414afe5e24613361a66d92f457937de9b21a7a112e1f9

Analysis: behavioral16

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:50

Platform

android-x64-arm64-20240624-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.213.10:443 tcp
GB 216.58.213.10:443 tcp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:51

Platform

android-x64-arm64-20240624-en

Max time network

11s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:51

Platform

android-x86-arm-20240624-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 21:11

Platform

win10v2004-20241007-en

Max time kernel

938s

Max time network

1331s

Command Line

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe"

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\devmgmt.msc C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\System32\devmgmt.msc C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\System32\devmgmt.msc C:\Windows\system32\mmc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\INF\c_swcomponent.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_volume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\remoteposdrv.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssystemrecovery.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_netdriver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscopyprotection.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_firmware.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsvirtualization.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsundelete.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssystem.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\PerceptionSimulationSixDof.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_display.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_barcodescanner.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_sslaccel.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsencryption.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscontentscreener.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_processor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_scmdisk.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_cashdrawer.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\wsdprint.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscfsmetadataserver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\digitalmediadevice.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_magneticstripereader.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_holographic.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsopenfilebackup.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsreplication.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\oposdrv.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_smrdisk.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_proximity.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscontinuousbackup.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\dc1-controller.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_diskdrive.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_camera.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\xusb22.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_extension.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_smrvolume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\rdcameradriver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\ts_generic.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_mcx.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_media.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsactivitymonitor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_monitor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\rawsilo.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsantivirus.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_computeaccelerator.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_scmvolume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsphysicalquotamgmt.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_receiptprinter.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fshsm.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscompression.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_apo.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsquotamgmt.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\miradisp.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsinfrastructure.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_ucm.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A
File created C:\Windows\INF\c_linedisplay.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssecurityenhancer.PNF C:\Windows\system32\mmc.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regedit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\calc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regedit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mspaint.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings C:\Windows\SysWOW64\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings C:\Windows\SysWOW64\calc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings C:\Windows\SysWOW64\explorer.exe N/A

Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: SetClipboardViewer

Description Indicator Process Target
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Windows\SysWOW64\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Windows\SysWOW64\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Windows\SysWOW64\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5052 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 5052 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2920 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2920 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2920 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2920 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2920 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe"

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x500 0x2ec

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6648 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x94,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10016 /prefetch:1

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9728 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11900 /prefetch:1

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13008 /prefetch:1

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13360 /prefetch:1

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13632 /prefetch:1

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x120,0xf8,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0xf8,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0xfc,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13380 /prefetch:1

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14556 /prefetch:1

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14784 /prefetch:1

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14048 /prefetch:1

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14948 /prefetch:1

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14896 /prefetch:1

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x104,0x128,0x10c,0x40,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14496 /prefetch:1

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14996 /prefetch:1

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15084 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15128 /prefetch:1

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=161 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14180 /prefetch:1

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=163 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=165 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=166 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xd4,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 217.72.21.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 22.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 google.co.ck udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 support.google.com udp
US 8.8.8.8:53 196.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 164.20.217.172.in-addr.arpa udp
FR 172.217.20.164:443 www.google.com udp
US 8.8.8.8:53 195.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 163.20.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 answers.microsoft.com udp
US 13.107.246.64:80 answers.microsoft.com tcp
US 13.107.246.64:80 answers.microsoft.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 20.190.160.17:443 login.microsoftonline.com tcp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 152.199.21.175:443 aadcdn.msftauth.net tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 identity.nel.measure.office.net udp
IE 2.18.24.11:443 identity.nel.measure.office.net tcp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 11.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 csp.microsoft.com udp
US 8.8.8.8:53 answers-afd.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
NL 104.81.141.207:443 www.microsoft.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 cdn-dynmedia-1.microsoft.com udp
NL 88.221.25.129:443 cdn-dynmedia-1.microsoft.com tcp
US 8.8.8.8:53 js.monitor.azure.com udp
NL 104.81.141.207:443 www.microsoft.com tcp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 consentdeliveryfd.azurefd.net udp
US 8.8.8.8:53 207.141.81.104.in-addr.arpa udp
US 8.8.8.8:53 129.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 answersstaticfilecdnv2.azureedge.net udp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 20.189.173.14:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp
US 20.189.173.14:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
FR 172.217.20.164:443 www.google.com udp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:443 pcoptimizerpro.com tcp
US 8.8.8.8:53 www.pcoptimizerpro.com udp
US 8.8.8.8:53 124.8.63.50.in-addr.arpa udp
US 8.8.8.8:53 170.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.jqueryscript.net udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 172.67.75.171:443 www.jqueryscript.net tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 cdn.jquery.app udp
US 172.67.164.99:443 cdn.jquery.app tcp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 u.clarity.ms udp
US 8.8.8.8:53 171.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 168.201.250.142.in-addr.arpa udp
NL 18.239.94.35:443 static.hotjar.com tcp
US 8.8.8.8:53 99.164.67.172.in-addr.arpa udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 74.125.71.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 script.hotjar.com udp
NL 13.227.219.71:443 script.hotjar.com tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 197.249.227.4.in-addr.arpa udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 154.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 71.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 c.bing.com udp
US 13.107.21.237:443 c.bing.com tcp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
FR 172.217.20.196:80 google.co.ck tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:443 www.google.com udp
US 4.227.249.197:443 u.clarity.ms tcp
US 4.227.249.197:443 u.clarity.ms tcp
US 216.239.34.36:443 region1.google-analytics.com udp
FR 172.217.20.164:443 www.google.com udp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 4.227.249.197:443 u.clarity.ms tcp
FR 172.217.20.196:80 google.co.ck tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 4.227.249.197:443 u.clarity.ms tcp
FR 172.217.20.196:80 google.co.ck tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 softonic.com udp
US 151.101.193.91:80 softonic.com tcp
US 151.101.193.91:80 softonic.com tcp
US 151.101.193.91:443 softonic.com tcp
US 8.8.8.8:53 www.softonic.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 assets.sftcdn.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 js-de.sentry-cdn.com udp
US 8.8.8.8:53 images.sftcdn.net udp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
DE 54.230.206.44:443 sdk.privacy-center.org tcp
US 151.101.66.217:443 js-de.sentry-cdn.com tcp
US 151.101.1.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net udp
US 8.8.8.8:53 91.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 11.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 217.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 44.206.230.54.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 133.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 notix.io udp
NL 139.45.197.253:443 notix.io tcp
US 8.8.8.8:53 253.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 google.co.ck udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com udp
US 8.8.8.8:53 support.google.com udp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 4.227.249.197:443 u.clarity.ms tcp
US 151.101.193.91:443 images.sftcdn.net udp
US 8.8.8.8:53 www.softonic.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 assets.sftcdn.net udp
US 8.8.8.8:53 images.sftcdn.net udp
US 151.101.129.91:443 images.sftcdn.net udp
US 8.8.8.8:53 91.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 74.125.71.154:443 stats.g.doubleclick.net udp
FR 216.58.214.67:443 www.google.co.uk tcp
US 8.8.8.8:53 notix.io udp
US 8.8.8.8:53 162.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
NL 139.45.197.253:443 notix.io tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com udp
US 4.227.249.197:443 u.clarity.ms tcp
FR 172.217.20.196:80 google.co.ck tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 csp.withgoogle.com udp
FR 216.58.215.49:443 csp.withgoogle.com tcp
US 8.8.8.8:53 49.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 motherboard.vice.com udp
US 151.101.2.133:80 motherboard.vice.com tcp
US 151.101.2.133:80 motherboard.vice.com tcp
US 151.101.2.133:443 motherboard.vice.com tcp
US 8.8.8.8:53 www.vice.com udp
US 192.0.66.177:443 www.vice.com tcp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 s.skimresources.com udp
US 8.8.8.8:53 embeds.beehiiv.com udp
US 8.8.8.8:53 cdn.parsely.com udp
US 8.8.8.8:53 htlbid.com udp
US 8.8.8.8:53 stats.wp.com udp
NL 13.227.219.97:443 htlbid.com tcp
NL 13.227.219.97:443 htlbid.com tcp
US 8.8.8.8:53 177.66.0.192.in-addr.arpa udp
US 8.8.8.8:53 97.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 live.primis.tech udp
DE 18.155.145.121:443 live.primis.tech tcp
US 8.8.8.8:53 www.youtube.com udp
NL 13.227.217.72:443 cdn.parsely.com tcp
US 151.101.1.91:443 s.skimresources.com tcp
US 192.0.76.3:443 stats.wp.com tcp
US 104.18.68.40:443 embeds.beehiiv.com tcp
FR 172.217.20.206:443 www.youtube.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 cdn-magiclinks.trackonomics.net udp
US 8.8.8.8:53 silo50.p7cloud.net udp
US 8.8.8.8:53 cdn.confiant-integrations.net udp
US 8.8.8.8:53 launchpad-wrapper.privacymanager.io udp
US 172.64.144.166:443 cdn.confiant-integrations.net tcp
US 8.8.8.8:53 cmp.inmobi.com udp
US 8.8.8.8:53 scdn.cxense.com udp
DE 18.155.145.51:443 cdn-magiclinks.trackonomics.net tcp
NL 18.239.69.72:443 launchpad-wrapper.privacymanager.io tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
FR 216.58.213.66:443 securepubads.g.doubleclick.net tcp
IT 157.240.203.2:443 connect.facebook.net tcp
US 8.8.8.8:53 cdn.pbxai.com udp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
GB 104.124.162.250:443 scdn.cxense.com tcp
US 8.8.8.8:53 121.145.155.18.in-addr.arpa udp
US 8.8.8.8:53 72.217.227.13.in-addr.arpa udp
GB 143.244.38.136:443 cdn.pbxai.com tcp
NL 18.239.36.42:443 cmp.inmobi.com tcp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 40.68.18.104.in-addr.arpa udp
US 8.8.8.8:53 206.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 166.144.64.172.in-addr.arpa udp
NL 18.239.70.135:443 c.amazon-adsystem.com tcp
IT 157.240.203.2:443 connect.facebook.net tcp
US 8.8.8.8:53 i.ytimg.com udp
FR 216.58.214.86:443 i.ytimg.com tcp
NL 18.239.83.100:80 crt.rootg2.amazontrust.com tcp
FR 172.217.20.206:443 www.youtube.com udp
NL 18.239.83.100:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 launchpad.privacymanager.io udp
FR 216.58.213.66:443 securepubads.g.doubleclick.net udp
NL 18.239.18.66:443 launchpad.privacymanager.io tcp
US 8.8.8.8:53 api.cxense.com udp
DE 167.235.124.25:443 api.cxense.com tcp
US 8.8.8.8:53 secure.quantserve.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 r.skimresources.com udp
US 8.8.8.8:53 51.145.155.18.in-addr.arpa udp
US 8.8.8.8:53 72.69.239.18.in-addr.arpa udp
US 8.8.8.8:53 66.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 250.162.124.104.in-addr.arpa udp
US 8.8.8.8:53 2.203.240.157.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 42.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 135.70.239.18.in-addr.arpa udp
US 8.8.8.8:53 100.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 86.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 66.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 25.124.235.167.in-addr.arpa udp
US 35.190.59.101:443 r.skimresources.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
DE 91.228.74.200:443 secure.quantserve.com tcp
FR 172.217.20.162:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 api.parsely.com udp
US 8.8.8.8:53 p1.parsely.com udp
US 8.8.8.8:53 t.skimresources.com udp
US 8.8.8.8:53 p.skimresources.com udp
GB 74.125.71.154:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 pixel.wp.com udp
FR 216.58.214.67:443 www.google.co.uk udp
IE 52.17.99.225:443 p1.parsely.com tcp
US 52.86.170.135:443 api.parsely.com tcp
US 35.190.91.160:443 p.skimresources.com tcp
US 35.190.91.160:443 p.skimresources.com tcp
US 35.201.67.47:443 t.skimresources.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 geo.privacymanager.io udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 www.facebook.com udp
DE 52.85.92.10:443 geo.privacymanager.io tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 157.240.221.35:443 www.facebook.com tcp
FR 142.250.179.78:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
FR 172.217.20.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 yt3.ggpht.com udp
FR 216.58.215.33:443 yt3.ggpht.com tcp
FR 172.217.20.198:443 static.doubleclick.net tcp
FR 142.250.75.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 rules.quantcount.com udp
NL 18.239.50.110:443 rules.quantcount.com tcp
FR 142.250.75.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
FR 216.58.214.174:443 play.google.com tcp
FR 142.250.179.78:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 101.59.190.35.in-addr.arpa udp
US 8.8.8.8:53 ams-pageview-public.s3.amazonaws.com udp
US 8.8.8.8:53 162.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 200.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 160.91.190.35.in-addr.arpa udp
US 8.8.8.8:53 47.67.201.35.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 225.99.17.52.in-addr.arpa udp
US 8.8.8.8:53 135.170.86.52.in-addr.arpa udp
US 8.8.8.8:53 10.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 198.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.50.239.18.in-addr.arpa udp
US 52.216.40.17:443 ams-pageview-public.s3.amazonaws.com tcp
US 8.8.8.8:53 client.px-cloud.net udp
US 52.216.40.17:443 ams-pageview-public.s3.amazonaws.com tcp
FR 23.33.27.80:443 client.px-cloud.net tcp
FR 216.58.214.174:443 play.google.com udp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 52.28.122.81:443 api.cmp.inmobi.com tcp
DE 52.28.122.81:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 collector-pxebumdlwe.px-cloud.net udp
US 8.8.8.8:53 stk.px-cloud.net udp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 17.40.216.52.in-addr.arpa udp
US 8.8.8.8:53 80.27.33.23.in-addr.arpa udp
US 8.8.8.8:53 81.122.28.52.in-addr.arpa udp
US 34.107.199.61:443 stk.px-cloud.net tcp
US 34.107.199.61:443 stk.px-cloud.net tcp
US 35.190.10.96:443 collector-pxebumdlwe.px-cloud.net tcp
US 35.190.10.96:443 collector-pxebumdlwe.px-cloud.net tcp
US 35.190.10.96:443 collector-pxebumdlwe.px-cloud.net udp
US 8.8.8.8:53 61.199.107.34.in-addr.arpa udp
US 8.8.8.8:53 96.10.190.35.in-addr.arpa udp
US 8.8.8.8:53 trx-hub.com udp
NL 18.238.243.19:443 trx-hub.com tcp
US 8.8.8.8:53 19.243.238.18.in-addr.arpa udp
FR 172.217.20.196:80 google.co.ck tcp
IE 52.17.99.225:443 p1.parsely.com tcp
US 8.8.8.8:53 comcluster.cxense.com udp
DE 167.235.124.61:443 comcluster.cxense.com tcp
US 8.8.8.8:53 61.124.235.167.in-addr.arpa udp
US 50.63.8.124:80 www.pcoptimizerpro.com tcp
US 50.63.8.124:80 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 8.8.8.8:53 www.jqueryscript.net udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 static.hotjar.com udp
US 104.26.5.155:443 www.jqueryscript.net tcp
NL 18.239.94.35:443 static.hotjar.com tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 155.5.26.104.in-addr.arpa udp
FR 216.58.214.174:443 play.google.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
US 8.8.8.8:53 google.co.ck udp
FR 172.217.20.196:80 google.co.ck tcp
US 8.8.8.8:53 support.google.com udp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
FR 172.217.20.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:80 google.co.ck tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
FR 142.250.74.238:443 www.youtube.com udp
US 8.8.8.8:53 238.74.250.142.in-addr.arpa udp
FR 172.217.20.196:80 google.co.ck tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
FR 142.250.74.238:443 www.youtube.com udp
US 35.190.10.96:443 collector-pxebumdlwe.px-cloud.net udp
FR 216.58.215.49:443 csp.withgoogle.com udp
US 8.8.8.8:53 u.clarity.ms udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
US 4.227.249.197:443 u.clarity.ms tcp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 www.youtube.com udp
FR 216.58.214.78:443 www.youtube.com udp
US 8.8.8.8:53 78.214.58.216.in-addr.arpa udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
FR 216.58.215.49:443 csp.withgoogle.com udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 google.co.ck udp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
US 8.8.8.8:53 support.google.com udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
US 35.190.10.96:443 collector-pxebumdlwe.px-cloud.net udp
US 35.190.10.96:443 collector-pxebumdlwe.px-cloud.net tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 play.clubpenguin.com udp
US 34.107.199.61:443 stk.px-cloud.net tcp
US 34.107.199.61:443 stk.px-cloud.net tcp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 www.softonic.com udp
US 151.101.1.91:80 www.softonic.com tcp
US 151.101.1.91:80 www.softonic.com tcp
US 151.101.1.91:443 www.softonic.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 assets.sftcdn.net udp
US 151.101.66.217:443 js-de.sentry-cdn.com tcp
US 151.101.65.91:443 assets.sftcdn.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 images.sftcdn.net udp
DE 54.230.206.92:443 sdk.privacy-center.org tcp
US 8.8.8.8:53 92.206.230.54.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
GB 74.125.71.156:443 stats.g.doubleclick.net udp
US 216.239.34.36:443 region1.google-analytics.com udp
FR 216.58.214.67:443 www.google.co.uk udp
FR 216.58.214.67:443 www.google.co.uk tcp
US 8.8.8.8:53 98.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 156.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 notix.io udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
NL 139.45.197.253:443 notix.io tcp
FR 172.217.20.164:443 www.google.com udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 8.8.8.8:53 www.pcoptimizerpro.com udp
US 50.63.8.124:80 www.pcoptimizerpro.com tcp
US 50.63.8.124:80 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 8.8.8.8:53 www.jqueryscript.net udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 static.hotjar.com udp
DE 18.66.102.11:443 static.hotjar.com tcp
US 172.67.75.171:443 www.jqueryscript.net tcp
US 172.67.75.171:443 www.jqueryscript.net tcp
DE 18.66.102.11:443 static.hotjar.com tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 11.102.66.18.in-addr.arpa udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
US 4.227.249.197:443 u.clarity.ms tcp
US 50.63.8.124:80 www.pcoptimizerpro.com tcp
US 50.63.8.124:80 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 172.67.75.171:443 www.jqueryscript.net tcp
US 4.227.249.197:443 u.clarity.ms tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
US 4.227.249.197:443 u.clarity.ms tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.co.ck udp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 softonic.com udp
US 151.101.193.91:443 softonic.com udp
US 8.8.8.8:53 www.softonic.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 assets.sftcdn.net udp
US 151.101.66.217:443 js-de.sentry-cdn.com tcp
US 151.101.65.91:443 assets.sftcdn.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 images.sftcdn.net udp
DE 54.230.206.98:443 sdk.privacy-center.org tcp
US 8.8.8.8:53 98.206.230.54.in-addr.arpa udp

Files

C:\note.txt

MD5 afa6955439b8d516721231029fb9ca1b
SHA1 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA256 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA512 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 443a627d539ca4eab732bad0cbe7332b
SHA1 86b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA256 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

\??\pipe\LOCAL\crashpad_3544_PIKSKHWLXWOESRYF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 99afa4934d1e3c56bbce114b356e8a99
SHA1 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581
SHA256 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
SHA512 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b102599e3e77175940b09dddccc92ae6
SHA1 4b15530722dc7fbcf8d9b2a7840a4c2e7710d6e1
SHA256 a7e9f4ea665b019fc8e8a5f1c616c1994ac5fbd427f7aa0b34f95d69a094b8ef
SHA512 9e729cc8c57f8d0da67b2a5f6043f50cd806a36b8f5cf9687f66995d4a1256c55fac0358f1e0d890f60b337f1e7890817935703be48a2d6d14923de2099f6167

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 2be38925751dc3580e84c3af3a87f98d
SHA1 8a390d24e6588bef5da1d3db713784c11ca58921
SHA256 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA512 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 29009c891cf7a535265213e604d7af68
SHA1 364082eecdd594aee32f4869b9e8cb15311d9b3d
SHA256 b322a73652f4b28055ec1a70310070fb7f3203369e8454112089d2fa2e9b4f24
SHA512 cbcd8de93f96dbd76202bee9ee71c4d09a2be579e824e9a710b080ce19adb79c55a5e45a90e1a4949c02fdba677c3125abb62812274112b501d005bc9a432a66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0d57b57e1c60c154b77fba9e5749ae4c
SHA1 adfcac5f571636e2080dec9df5d84c6d3efe0d6d
SHA256 9cd5e48c0470000d46535466d9755a797f0bbf42131aca25d9d41296ccec0d92
SHA512 a6df5996141b97bc864df200b91007ed7499ff53e4a78063403e1e5d2f1fc8e5568481e81c5b4eb6951e3dd9505e92b7b2b53c60879b79d51241ec8445a30456

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 59ede5e00a8c459d2af136e93d54424a
SHA1 126adfe35fbe42eb0b73d6a0a4df7999d143a068
SHA256 89e111d6859ed67ed36c283442549bfe9811856974f082611e8ff82eaf2bf69e
SHA512 4f1255137558d132e24a5f6072073aaeeccd8eacd37ead9cb123f4b26c0a7573f49b7f4f7a5ae388c9133c470193811e2e4a32a03f7e358af1c95647cd417a59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b9e0f9ba7bbbcd06d3b17ba064d7f86f
SHA1 8c41314b8328f45822327dba3d1deacc22798b3b
SHA256 bb287d284d7d5f4a74a7410af976673c1a1c4bd0ac21c913e76d72f53266c4de
SHA512 931a980deff4897906f1146f5c74e3edbfcf85e46586b3616481b674cee7257e5f9ef1f25cd50eedcf16aa78f55e8dc92b9e17698025c343887e3c4e34ee7d44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597ae3.TMP

MD5 93b7e217837dc464e6e5728f9a5fc77b
SHA1 76eee4a6c3e1b385541aa836a04727ce08c14779
SHA256 f4f77237c588a194f972df45b51bc3b826877f146931208b969c7d0337804973
SHA512 c520b5396cd24a9d504712b61f226200f4d555d25d44c6f08d51ba4ce51216149323e033b75a069ccaa917737c66cdfd92f453ab3e770905fc4e7a0615080e92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8959f9cde9f1521d261e5b269b004510
SHA1 e06db0ec7d48c0c6ec7d62303e4042d77e21099e
SHA256 81918f02bd8d3b1bf6a80116f4b530dc958cab0d884c9dc3d54520af46ea19c4
SHA512 a67bbeb10ea993db0df1357b1db2015af8151cde976379499e0d9b871b4bd97e55fc62c76bf92a2f88eb5b9b221b5b14f511797ad4f09883bdf5b48c07f8ad77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b7a999dbb52fa187de5cc2c106000dec
SHA1 558eb4285d19a49a91c6a2c01836f49b2a2f0383
SHA256 5fc2ebfd87b54bc6f4e18df9e26bbba9faf67ef678cde3bb229aba278b227540
SHA512 3059600fe5d41757850455a3be9e9053c1c6e4e8a30c890fa4b8dfd07b4462dfd3769f6fefa71d6f75eedf8af44168d38590307e2d91f59694ab43b17a8b1bdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c15becc25d1baf05bfa83c87f82ba850
SHA1 0c63a9e97b42fbad4933a1e3d566e7949706499a
SHA256 d6772cd7c259f9d4b2444178074fb92f0c051b3c6ffef3e82161d924dc2257d8
SHA512 7847cb30b343ee0e2f8f313eddfe1fda3bda55aaa68e575d8cfcb8dcd4662c1f159ccfd064db5afea1e7502003d8e70bf63bfa4b6c9dcaedec46ac1e8a83043d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 301b00e26adf376fc286ab3f457330c4
SHA1 40599ed74f5407734a34eb3b1b8d4370e8b754ab
SHA256 2dd687f566eadd38ef8ea20ecd073d9a03b32b5d0a88f0627991ddaeb538aba6
SHA512 48a46feadd6043261ab3a8b0faaa4c3ca146ccadc1536a0db4eac57bf813c079bdb7b47781e2cf15773bce8381b9cf1b7b514ae87ace77d2ff792cc09a782cd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4783e5de563504f5b3df0a480d67f668
SHA1 2beef48943a7f2390a601d111d97bf4646990e44
SHA256 ae6bedafa4f93538b1f9a3d1cf63c5e74a052d5e3f3b4f5a8cd9aa8b5b418666
SHA512 adcc0c39f94a195e3bfbb484c5cdb1e29f3fb5239c9239ca0b821afc1465a99cc8c02d2b4661ebd05687ab200c8684bfe146d1afe30ca77179dadd47e589d496

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f968e7a6f839d0ec7e3b9a04989f09f8
SHA1 84c69284a05ba112f83621a8ecb1427f16e8cc79
SHA256 2be05015f273953068f80ba76e6bf973768a9d4a96b85240d9c987521bc44a11
SHA512 fe4ef8406b9747951435049bd39cfc80fcc96c39a5584a4803070015eeb971bf3a5f11b3239fea32c10bf366ca70a98c5687de2c706d6820c16b0ffb7f859cf6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ce5e41fd7779a53c07f236506796b9b3
SHA1 967595f1dc66d80ff95ef219aae752321f6ff334
SHA256 94b66417e856951371d6240d675da91be2e2a3ed948923b159d07363e42d4730
SHA512 75cd40278dd28bd07ba44ce4233d3a602ed216c27b15ac420a2a196e819ee4c3a35663921791551c7b37cd96c2126d9525d81006c0116fe6905e85f98d46c9ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 00366ca63ac7f192b9133a43cd5d74d4
SHA1 91bebf01bdd2f3e42edfa871d20111bd99cbdaf4
SHA256 ddad33115d7d9b02be198f8916e36c100ee5c7b8c51c863a1ff8031268609b28
SHA512 6c164ebbdbaf1804cefa99614663ffe03104e6bef95327f42ffde515e595cd17b0c8c1de0cfc641cdf52e7250a359cdd5d45dcbae26f831feba2dab509feb29c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 12f933541c58ab3b5f75f6e9f3fd7d4d
SHA1 b64a4cf232f491d2677de7e7782c4050b874a099
SHA256 7ae99c7eb3d125c447f457afa88900ab32cdbf30f7fa7544a20da3a6e19df5b4
SHA512 118b69df2ae658f0314056c9fa38101201011e6932028cd6c6395d2381a1f164b42d73c9b24cc3eb92d91a16d3d529e900a859aeb53c1ed4d04b1f5d21f96b18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 839584d5060b914b6a910c5ee1f7d571
SHA1 486a0d6dd875171f8c3d59ab3bfa500b4770ea5b
SHA256 54dcb6e5f5d64129491cae38f50aa1ba3a521c04596f38364358d2b415ff4d06
SHA512 b5e0b3cfcdb0e8d8fa9453b5937c05bd76932f9fd4920b769d95939e8b90b1032430d638efd26eafb747a9b741df48dc27ea9e94d7f77af2af0693d7eab31247

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ebfbed7f487c878977476f1d973e3cf3
SHA1 d8ecd68c8bd270e78679cdefb43f223dd7e0156b
SHA256 c60514988621a4be79de268645191b4986cd44db976c9d24a7bb54c4456235a2
SHA512 40bb12d53992b41ded7322ac0661d5971d3d45e41f0497233ffc94c9aa10ca10cae27bbed765b8b49a247c889c7687f214bc332787d371c32056263deec490d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c8bf27111c54223b86d5ee8ef6a5b82a
SHA1 0a498825f233a20d89a1069da589702ad75107f3
SHA256 16db6764a61c6e70c091fa70bb16bfbeaa96d8ad28465047471076847e0d95c1
SHA512 fbb8cc10f1f7a0fdb68f428a7f51e738ca5a7e930c866ef934618e2dfe1e043d9462210b13a3de65ac96f589223c7f4fcec2bead814b450ace1119b5f96da32c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3e081f9b08cb27918354622e5449b3bf
SHA1 80a72412653dd60af3ee5e72823f0fb7f658f378
SHA256 d959ad93203e5bf267b3aa13a8f80911429eace35ed51d6c3395800f41228d5a
SHA512 96b98cf5e4e152bb24fc7355e7fbecb87260f723739c9203e7aa3cbf5c90896f0e672ac72a5b399e606ab827840ca5e7d25333e55983bbbc1c673bf84216d997

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f882f27549ab988dc55e5f4013c29e63
SHA1 6282f610fc64737b2ae6ae78a7af8769d33fbb5f
SHA256 57fa7b6cf3a2c50e2f8f72e10910c0c3e0f0ef7d4b887cc7725a023befe7b15f
SHA512 b6085faf7ee114b6f2292052940edd98b84c4d154c822454982254e91273b0e38f5d0ad4022b8b6f3910164d4771c23163c7097a19db6c8c2be8af811be32f95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3ad82c2b54be524c8ce5583cf492bfe4
SHA1 a52edc2b96a21446b4c6c932b3da211f9f57fa44
SHA256 d95f7810b206381a7a7d79572cfc657d2af4f2bd1b555313b1d7327b723f06d6
SHA512 9b032cff23843c6aac549f9b8cf52e2f98b1f0a40bbf0c77eb933b925875fa8d7d3a5d1c0959ae3080d296a3258fe6931a1d30db995a38b3fecb6ea0889e5c55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 65a655fe66ff15d0a2d9c556b36b5699
SHA1 3ef8750df7d363c7f16a924eb567cff40cc4bc10
SHA256 0cc42d8db38b20550aab3013ed39a47f10af13841b00f54d33ac370602000b69
SHA512 161f768a38f31f0dd394ef3e99b74ce7803c74f75fc1b6fc34871015db29be88c6010ff3838368338db65f2cfe0e090dbbb5e3aad9c467e74008e1d4ba0bb3b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d7a96e933611719a9d0e61d29fbed82e
SHA1 d6ebad689e60009166de17c7f3299389a8e17282
SHA256 05fd4fe63c6f36c8b017df127ef1bbc94f0fb570a9e6b1b4be9a61c3123edc25
SHA512 92d9ce584478407ae5f9f791479d885b03760e22248992ebca459a214dd3369f83a3c97a6c2e4314b51df194c6bbdf505e10dd6d3aa3577aab2cfa107451a844

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3ad924261bfd401ee2106d65faf00b25
SHA1 726befd63775606ac46c2ff661b3b98e18105655
SHA256 713be5f40662e1ea30bb87ee6c4313297a057da1ebc472a393ffefd49d490508
SHA512 99b28ccad7c88c030343dff3cb46c80eba7660c0978aeba04d4df4fe20d85a4064afa9412e32f1da415273b2af09623577116003b70bb26d7ecaf6db7f50ca77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ab5bdb995f1b8a96_0

MD5 2761d7edc726cbbe3a5bf4cb508a6d11
SHA1 3d181cd55340d7b44715255331da471b5371b8e9
SHA256 c5f5da3905bc47bc4bb12031315dc487612c061873487181c3b578600053401a
SHA512 32e3ea46b72380510e69052079b50fbd417647b366d2c3b8150a84853fb18a496714f852ad31c6eff545323805ff9f67b6f1e6133045d3831dbc7b55d932c951

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\27e336d9bf26b5c9_0

MD5 03d3418d2f9b5318b3d1bb6ecaaeaac2
SHA1 5dbdfba0aef42fec4d58e342d59882933d1b7536
SHA256 cf12560d022fce0bc276bf54499f4a5024397059644538b88cef0a028196db6c
SHA512 5f82832ddda06e3868309b3de554496b2017ae29ea3f915ce8b4ebf6940c50d43bf268f846706c725dd90ad2768846aaa771604b5171e4f2f0766ed56ddacd0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6892666fd3baf497_0

MD5 5dc5c79a23b82156390c267b3957c497
SHA1 6dadd0d3d87bda19802f2a1b8da113a9aaab5e65
SHA256 bce9e128dce6ea775dea1f8d27f6776348c3cc6165aad242d9a0d47a784070cf
SHA512 d4e61c897b0d63a1e2e14ec15a35226fe831a47b9122ee2af6eb78b01fd46663702794fb98df7e56b6987f3a28e29be376fa7d4aad4cdcd5fedc7da6169904cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 810a56dc0c520e7258beba71190662c4
SHA1 dbddf2653594cea8a8572d720ba638134f4f4465
SHA256 69e4f9d9a0305aea1fdc09afb95c9241637aeb136fb31f43319c5f73ef3fa16c
SHA512 19d11f2aa4d2ed7e5a99b10629461de4910ab2f7cef6fbe2e89981d007b52b2caa5fc5e4baf0573bde7e80f3ad79e23e6f2164453ebd3bed23785cdfe47f6f57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 966ed139ab1226f746c2e288f12ad17a
SHA1 81386126f2ca9f44dde2febf43180041c9b7f0c6
SHA256 b5256300c79abf0aae163903ba1c3b7fe6aaa42c41595ac006ec1fd857d67382
SHA512 65bbef62593a46578fc093c373cb378ad19123425cbc7540dd462085daf45638f91672b3a5c456180031eecbd33f3aafbc69e36323e92ec8ef90dd3ba8544c21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b2269354139e561d12d67419bd84f7ea
SHA1 72b3561a4433224b2a3e9b1efa08b8ae4986ac54
SHA256 f8a6aaf66248d3f931118bcb5838314c75ea43b0857d096edd39c775b0878b0c
SHA512 50acafee0ada582fa6c970ac938bc749a9231552dfe47415acd31a4bb6fab32caa321cad7c09133e1d72ba92383f64f5b7ec3cdd97dd0f77ba0d0fee67e3b4dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d29f65853d53483c3e335b2f13eed7c9
SHA1 c34f85b51ec2f7c00877337295e0800991f8d1f2
SHA256 50f4621ea1d037b2ca89b0426f7db79c6b05b1543159c62523c5673c84c25f52
SHA512 d2ebecbbe2484671c4f213e2e3365dd20e3591aff403878478326dee64567c1c30749d28f6c69503c1bc100345d81761ab54910195f3de1246a167210eca7dd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 374e995ee9c08f63d760e7e9a9d48767
SHA1 94c366942d04a6994ff3c58dc92038ebdc6990f5
SHA256 dfd0356806d2cd92db5ff7ee081ae445a329651a0945f3e53af23bde2833c53d
SHA512 9c891e0373d82b5f197310166f4bd973dcf0596903b03dfe23181c3e26e05a672cae24af9dc230f77e43f04ab47f6fd0a4832d4698158a29e59ddeb564c10a35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9039ed945db813629227e4c995b2e76c
SHA1 34901bfb64adda2bff292d50e1dce0270544d1e3
SHA256 766e8b673b2ca69c8f6bdf0626d9164bf43e6e11df89592a6202beeaddf3a733
SHA512 8365ea7fc3a32c391f2ddbffcb73bb3a04695e600e681476bd712b630632e4e5786f50ce7cf0a869e2b3b8a5b47b0a58d5233ea2958562012febf0f8d57bb962

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab9de503455f9ea92b25754357ef00ef
SHA1 fb066d6d55f7713bb665acb6c371a3f6499aaf1f
SHA256 a061402f39f1807f5f1dd4553068571b356c2cb444d88036c2d2d9c3e98683c0
SHA512 fc6d19585254b766e5e496ff74e19475fcc4d3b0ada553e16bcd7a72e51e0a084e69bd893825666052f0ff075099675b89064aa6a3eb52bcd6baccece395e305

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8fd99a66103d3315319cd38066c87611
SHA1 5fbdeee2b55ba048b37dfd303089ffed60da3aae
SHA256 639fe11973738b9203eff1cb8fa2f45199e39e74ba0b8c15bafa280196f5a32e
SHA512 9f69eadfc2e80eedbcda03ea18096701414b242abb487d594c0ff41b4d1ec156be2f25a7a9e4717c69ac8802ccaf678bbbb163216bafc668ce796b7d33f8471c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7e6a349e3687f5d5c0dbd3c2df06f0ba
SHA1 7bab8ad746e006d6a0c3431b70ebea9174bb1ac6
SHA256 28c6bda0457be869c1059f4c81eacc6cce731fd94aafa798fb7ad3b908fcd373
SHA512 23f602f7f9862ea9dcc6c6640a4b2376cc1ade50e8c30de8db8dabaefa00597c4467663310cb720f9461d015c5d9758b875c466f8aa36e35bab013c9ea0d55ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 da4d04e12b6a40228e8c95aaaf6b52d8
SHA1 e549dafa4c750ef640dff546423b174d791a1f73
SHA256 4b1d189ab8180aefb6d333730ef6d9a791b5c08c027e8a9346c9738ba372afb7
SHA512 3e2b7fc2950f3f797a2c9805d8466d8941a8779685be2589f61ce34db6b1ef351af64360368d380255fa0f5eda5bc70e631b58c7e8cff1663e75d9600d1c9d22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 946abcfa02d79173f49b9f7e8a09f34b
SHA1 8ee89bdaf2bfe573372a368f2701259d2cae6866
SHA256 a72f7c147f36a4e327eadc8fb377928414a3c5af00a299ef796582c9a0cc559d
SHA512 5dacb425ef63394e325b59603ba77c21f8b096d534293cf5188c888135ffcc363cc3f4a8a2b993e53462dd5d776ce4fe49054bcc6658f0f503a1ad23936bebca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 25de14c5dae6b09eb8c3ceb1235d9f5f
SHA1 ebd072e0e55f2f0bb62ff753f69970f329a861e9
SHA256 6665394f9a6de9b564911cc693a1bdeffcc88152435c97b007b035f3e8c2cd2b
SHA512 e0b1fc1ae58febb4420fec5c0d2bcf2b330d58823b2476f37b7b00b7db4f41015d95228252475aef8b7a22f8ec74ff2fea2efbb9fc14cddaa474021d029a7462

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b59fcf5c22d5b82e7489e845fb4ab153
SHA1 feb27c97df3910b766836914a6f36333a16fe617
SHA256 40abcc683af0762e130f65717d994194477adee279d37524e0b8fb52cce59b6a
SHA512 f0ed33f1492e0b4c85858eb203f03e33443f5780809e3a503e2badacd1c49d1ce040cb4073445a44b4618907e3ed6b67fccf8ef9fd31015beef0793a12cd1c38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0e14ee652a18884a01acf159654b0000
SHA1 d88a767c3cbe08279e3c1a130b81e2421ed06ac8
SHA256 b104387c2d004e3691d7b64d6d4c5a499e2b34b38b626008edd09053c2379802
SHA512 31469ec6d03ef83f880929a37d361f45adeeb9e528804623357f6d105f2602a575b55e70a28ccd2cefdae3dd57c145468d537e9616062564aaae0ded6caf49ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9f8e44e5a470da7d1000345cf8528f6a
SHA1 3545bb310998dbbd1a2c6a204983c157fb6d44a5
SHA256 c5046b624cbf878d91462ffad283e0afa4873784dd6fcc7f403e258b0d229950
SHA512 b9b6e6915550cc3ff1be9aaafd02bbae63fb83d5ed30feb44fe4d7c72a399f4b3a453758eb5bc849378d0baa53f67dc53cf63e7dc03ebe88a5a872faa4ce8b69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 177d3b9a5200b98bc2aab94a70b2c7ed
SHA1 ec5166496f8ea6727a7694f2fc5c4e8afa4ddf5a
SHA256 64afd3f18812c84772f32d0d045a7cb1025f983db7695cbf8ebd8307d48d1b1f
SHA512 bc40b42e075cfeaa71e6fff7ff0bbeb40bf6136a9c6fb1a8eca0331c681e7466ddd87c3a1d44ef27c0492431596ac542fe6b6a71fd8f7370417b4f5f5aa209e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 67a915fe13dfac23bb2005f367ec5fd7
SHA1 802e395d53f17e5959c56e49f9cabc0d135df441
SHA256 8236f7cc1ebd4a54ee2dee0a833e2728c0f4fc64c7a2adf29d370cee331a9653
SHA512 5cbf6406850236e9e1e0f6cb85786dd202ec91033108c5961f6b6d54268ee45f8a5af367a2c4569881a1c4e27634e075b5886ed7a63f4ecc83621aeefe9e5aa4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 721c80c9502baad538a101547e041abf
SHA1 e4789b9bf1e148168b3d1b29f04bc92620fd119d
SHA256 e02c56d8336ece22ee1a95dc7e9192a0b824771a36f93a448dc9ff3cc144a23f
SHA512 2623bbd93574cff91446ba21a81f7d4cf5b986fcfe785ba414c9b684bcb6ce8a6b0d78e84db2b90e42f382a1a4028f61c7c250a043a9f897a10fa885db681ea0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3deaffa1d12cd86ce988083f4392ce2d
SHA1 92a739b0e414377896db9964372bbf1197ed9261
SHA256 df70a0920d598a46b74d57b0120f20b27d260de6da3288b0ab38e61c382a0ff2
SHA512 085b3b1c8605bedef16723694e7d13a198116a942a85cd4beda061adbacfa334ba3380c591a78853adc1fc6b9b9127a94b524f19a77ced4c6719173afc965af9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6ca84f741680284c53cf0c3f724bbe46
SHA1 7e58cf5cd2b2b7411b4c5e8cc637a65a59c4cd7b
SHA256 f645c18fdf31e061ead5fbd20abfbca31aff145cb74ce3f5b75dacde371704d2
SHA512 de33b339b8bea323257c491c8e75eacfbc948ae381a8cef22055864e5b24e4e82a7c8ab8fe3defbef5b46993540e36a26a5759649c6b329c665a5985c5b03fd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5de7fa75a20d52dee11f8d0c1af6eb19
SHA1 0efe0d67d10f23ef117f354097d5469080cc2ece
SHA256 e6a6934f2714145b68d0a1af2fb3f0fe342c071653da9a55da01a1b70d4bdd9d
SHA512 7626263f401d05b9545c39f958c907cca3ba241f3717c7d3202888443dc6cdca1eae8a33b85bbc174ed3b5bb0669a871d15f50ca77cb1b4d086108d60425f5d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 997d19d9092a772b0619c474d665d8c5
SHA1 ded832eb5e3d34c1ffb526cff65cb050d4dcea71
SHA256 b21494b521c5decb16289ba0b001fa148bbbfe94ff25160da7431aa548923537
SHA512 8665f5c66e93f987cfff9f5dcab89e8e3f571763830b69bec20305e5ef26d06e163ee8c8ea9e7ddaac34ceefed555ba94e96c5a4a0500657e65819a90289b3b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0ee74a14c656ef71b4eeef63fdff7d5d
SHA1 40936fb2e8a7831b5b56f36be40b64e7307fa85b
SHA256 4f4bba74253e0ae4035eaf325234d6cfe932798b00eef112c68230aaaffe9c2a
SHA512 753d618e264aeb2cf32b680c30683bad3648d0923eeadcbef38539424c03c92ba76a8b053356ec96a5a07e4b175a1b2ee0363ba31a0f9670bad00bdf9b70ec38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ba9e59e22aae591550e9bd5e19f657e1
SHA1 67bea3a478d373428edd4824c086acad97908b95
SHA256 02c9089822875d2cc024c1a6b6019c56920b0d6ff462708aead7361a54e851c0
SHA512 a4d8897bb8dff30a0bb808d148871635bf2c38ce2a5ba0d95adb4c53a182d2e596dca367be232d4db20f4092dc206ab03cf35223316d05cf39a47ddde0a17c55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bf65f9829567c649d4d58b758bc4ac22
SHA1 a62441cc9828fcb3155d720c3a34d001aac705b2
SHA256 e13bc6811a4ee77fffc61ae3a81c03bd8255589d331630f9189f906e44ff6743
SHA512 dd1f9d2f91fed5d5f7568c0a045efd8be92c0b8793e90102e6b5f6080af6dadb69c3cfe870ae700d730b8cbbf3f6d8d65f01354089ee358b73832563a4993976

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b6926fbb2f8d9d44d77de7217b08e03f
SHA1 d6040982eaff02ba41ce0694abe086032609b8e4
SHA256 cb5ab6dc356f8ec358f4d72845c721eb546148db357d72e7600109d8483fcd3c
SHA512 a7f656810df4154c29cc933d82d6911a86b0f0bdb06717fa265113ea3a3518497f8cfe5fb191401238fdd0b0455cd3014b2f98c5ec9fee46f177c53762c75be8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0be4de8403719ca39906431448ba07ed
SHA1 37fc16654abd8ec019e7ea2a900bf1d36a478ac9
SHA256 cae345aebed66489265d8e30147a8b9749d55b897f63eb9148ced3bb74e06199
SHA512 1a4be17b31b460a90ef215cf93686a0d15d6e8be19b7fa18f8b6145a710eec577795a809c30643366db9004fcf5f52e8f151b19cbba8f7e63b8b267c5b7696ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 999f6927c810f5c7239ac1409b2ea3b9
SHA1 724264d131cd148dc34c760bc3fefcfc6d498337
SHA256 88241e97edf9c273bb2036593cb760a6323738cbc860e3d85c67c625c08fc590
SHA512 b9efdd35bfadc34d38c8918700137fdb6389cde9346b1aaea2664d0bd27a83a592388953c34d7365a762a86dcc6232d7074f5981404ed8ba6432838c75df2000

memory/6276-1366-0x0000000005A00000-0x0000000005A01000-memory.dmp

memory/6276-1368-0x0000000005A00000-0x0000000005A01000-memory.dmp

memory/6276-1367-0x0000000005A00000-0x0000000005A01000-memory.dmp

memory/6276-1378-0x0000000005A00000-0x0000000005A01000-memory.dmp

memory/6276-1377-0x0000000005A00000-0x0000000005A01000-memory.dmp

memory/6276-1376-0x0000000005A00000-0x0000000005A01000-memory.dmp

memory/6276-1375-0x0000000005A00000-0x0000000005A01000-memory.dmp

memory/6276-1374-0x0000000005A00000-0x0000000005A01000-memory.dmp

memory/6276-1372-0x0000000005A00000-0x0000000005A01000-memory.dmp

memory/6276-1373-0x0000000005A00000-0x0000000005A01000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 18d66a94793b8d3967bf760b91ad7d0d
SHA1 a06dcecbb88578af20afd993e100624451cf2d4a
SHA256 e44a52174c91af4f3e8eb663ea0a175f8c7c5dea2e6b3d7a2cdda42a66a64d34
SHA512 ce66288fcd2713a2b668d949d5df7c78ac1c8ba5fab49ccdc7e01e1a69d00d8517ed3170788ed84d9110b154a0d94ffe7d8d86f8a1a714ef878d7168d625aeb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b595098ca0b4db1e631b1bba26fff746
SHA1 10139a5381e4d9c14231dae3cbf271c5540e3cdb
SHA256 41f2189a9062d86ae316011b15592524c81a0f18c9672af51b9af3ebc3a5e16c
SHA512 15a057e637481cd9ab16339035b5f8ba3319b537e114291f5d56304e7d6ca0e0ee11db0c94b6cbbee8b8d479b0c7632df2ed7e6db884dc928387de00ee40c00c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 255c227ec86689d796b20b37c2909e1e
SHA1 676f27b352692b508be195ff0e7b36d52eb086dc
SHA256 e5769f270a8279cc30665934ec0bf8e0664aa82501c58c8f5fbf0afe202559d1
SHA512 283e11088571218169edbd2497834d637b2370e95d26d63e2103fce68c15aa0fc8609119f274bba5706bdeb9d6feed51cfc7509da8428063fa2b11ce8f070685

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3714683b9465c9d476ad31e0ae87ea1a
SHA1 758d41a05336252e27924a221dcacfba6143a038
SHA256 326ea9666cfcb1bb1d52ac1b8234fb7a73475b830f66ca6e2a13a5635fbb0d19
SHA512 e90aff3e674a4bbb5e31d7dec6c6b052be4af374b4f49d21ec9183045a8af254db12bc26ab084dc5eb2cfe6fd415136d650d0620c7c6831043cb162215c556d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2c60726e865404e95c73f079d0089637
SHA1 b3a2a651fb3143c15cb35b64f772d128fc940f2e
SHA256 1368ac6aad3e8c86ef7ac0e6377d8ac3545440606cd9c4700ffac7f3d494c867
SHA512 9d93e4a86ef425db848a2bdffb0019d0b7ff47435adf99244283e2a1d840896360c0b6154ef916f1b66dac902111aafb954e1fd423d7d9138e5b0230ec110b31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5ec5973973fd883d9e5476e3cb9a23c1
SHA1 88f2fd0ce3c0ef10f69c7471447dc56212705b6c
SHA256 402cc8064dd90392d04cfbb8d0c265c998708053b7cb9ef2c4351d7d2e175ea9
SHA512 660e088d39713474d0228d90960e610e8d2cea4a135548cec11e6093b04cadee32b921e6f6ad850451eda0b249e3a275e397e3ce1d73a499d607514017ab3c60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 28b40463ca2c1e27231f7420ed69af8e
SHA1 346e02111486c28895ee79f7b448fe620d443a5c
SHA256 0b3995a59beefac76e0d8eda3179c63326bf5b9b7a68b1e6963646a2afbb2bab
SHA512 f64143958fa6e16cffb6fa195e0d606068907fb5997e0f0aed43c8597d5cdbd11e4b9ccc72af3ce364709412ba282a24dcec8ad7141cf08cc0826237b28269f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dcbc322bcf56f65fc95aed3adb8d72b2
SHA1 9a9a0292f215a45d14b003d6b52433c20ba0f47b
SHA256 8b7618b581461594206329e1e348492f2a6e83ada3527e9edf84b8ad53a6bd83
SHA512 ff7254ca6252d1a83de2b68cf3ba46c7549bb3cefb7af58969ec8fc6ff50c67748452b0e4281c2c744874226373f47beaec797a99c2a1c0ae5f2c6fbb2b7674e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8831116877a53857b4e755cea4cb98dc
SHA1 7c77c5a50b815b6000bceeaba8230f7cf084aad3
SHA256 0e2ee9e299d6f62269a2bb1333c0a0dc33985286280209e29ebe9b97e8e01aa7
SHA512 1f254df609ed83054f153e37655d20d03313cbf2bda4836e12141bf151a4940994b6d5cd44e8784520748ae7c1a707fdaa592933641a72280bffb597b3590d21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6c1f7beb305787ba11e65283496503df
SHA1 e4a90d93a262b7e0418dec59918b0f0f2445679d
SHA256 47fdb795ca60f04b125d171e229df84f5c128c37b2a3c26ee63574c09addb7cd
SHA512 26e048eb7317460399e4158759085d53eab3339e77ee636a6aaefa93563d8121be27fa1869f50d6c65b57171db762db5de49b36969697488870d0e914d278c84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b850e81bcd12513b23dc434ec31fd720
SHA1 62e12d289e328fa47fef2e4a157f5ba22b83a0df
SHA256 4d9b08b525b2c5f233e8196f2c87ec9721fe437ffe4de4665f5a3a908e9453de
SHA512 846cc6e192046062300137e86a32d83aabae2c0f9f98bb2cd39a2ec9e64ab613312196a0c5be336c6e790df30d567e76dce2040696370f12849ab44a31f5be99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ddbc4b7765f53cf6bf80d8b1447db39a
SHA1 4f1f2d7143df7bd7c9f3e1a2d43572c65e64b5b1
SHA256 8a8e8297324e6c95eb1763de07cc2d7bc662a23ead9280b0364f1313065773b1
SHA512 ff098ab64c46ad024435cbe7b2cb019e7cd1ab832057165b56ea519f5169659e54f2d8a77dcb0373c3844353a1fc55c6f3aab05f1ad125c4132ffb5308fbd6ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2892eee3e20e19a9ba77be6913508a54
SHA1 7c4ef82faa28393c739c517d706ac6919a8ffc49
SHA256 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512 b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6d5860069a966142724c5d1a43cab974
SHA1 78968439e895fab3bc80cb42e46c045f035ab0eb
SHA256 dbed9098c5ab8ed03d153e458d6d42c90e271ca7256f973e4a0dee17381bacd0
SHA512 7c70f5f6b942f49299d08cca2dd7236ded578cab535484da26c98bc2e7e045822338a3aafef7cc12cd21114d5cb93dc8d3059abfef8177770e72fd8c1562c9cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2a3092133bb3944fb2bab5f8bdae4b2e
SHA1 88e300d9ba3dc45552d704fa8b70445f34ab6360
SHA256 6751b91ee0e84187d61a03ca3923c5f3d6f3aba0ae88ad386e8e2c620ed49bdc
SHA512 922ee3fbe7846f5e9d203f2922eb4f95fd3c72fed4eb2d412f6659ac4f72832b17958fa942419808bf2b80c637778983d4c2d04dbfba62484a2905fa1328c9e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dd6c3f386211631cf4d77c666092f899
SHA1 26c0fa54ba6e38f90e141f3db3e7178540e62fac
SHA256 4915a758b554506e6d4e76cf31ee816bcc732f119171e1298a09de879700f98a
SHA512 fe2182cb1b01be459e8d34b8e4afba59a28063fca716230680dcf9b0bc039030476185f15f652337090aef326bb7e389661fd4494087a6eb7a085eb9f9e96ec4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7a46d4462aae707e89aa6f23242c0abf
SHA1 3111558e8ad1192aca7ce050e68544882a02093e
SHA256 a15b00aaa48d40f939956ed2e89fd5b5914ac7a1f87b480bc70a78cc25033eeb
SHA512 84bdab5bb21b391079b2f038f27e4c6a469ee7df1f73a5bb5c95f2a5e6caee4d497b2500db1d07efe59d3be649aae20ffed27283a981f7fafa3e2db1049ef9ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7ebef41962f3885ffec5c66bd58a61ed
SHA1 4774b700c623e7cb267f17d08a63fd7da6b0a13c
SHA256 86945d0d49ba0d07007c81a9b618e91b7cb2c988be27732f6c2f1e6d9f2b2bd7
SHA512 55627d8b3519b18c3784462945d30b7896992b383436a47de2aa2aaf40fed0be784654230563001b91ba4761bbcd21b4ce0147be583a6bab5eecbf0107fdd383

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 223be44711a9de45e50c0b24d2c7d527
SHA1 79da3dc3621167c4341fd41192fa9bc24e7a77ec
SHA256 392fdd02cc418b46ba163ea7db5460ef7f78d4e434484572234e0b3998783c85
SHA512 91c389dbb016e564353a8a1bdb6a8a7a1b4aff43ca08601e4a65fa6699ce315726116a9e7244c8488fa7a5a988ef78d39b7cd362370763b7a14165c6a238974e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 5b611912157812382ae02bde399ff48f
SHA1 6089fbf66004233d7f64b590c883156200df8c54
SHA256 8495adbc7f8e03685d4b40ee4141a989d53f96dd1c95588612fd6c3acd77ecb1
SHA512 357afe88b2addb2a73d164d552feb20b73b576d53027442a983e35e64c395d7a469d0b851f2715a0febb6534359b7323a050d87a2226969adfbdd43e99653707

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6c63d3cb97fa375883ada425614bf13b
SHA1 04cfc9795f5a5a1cd60f570c681eb933f1a37649
SHA256 6ffe93aa23efc198ec67baa1315cf80ccef6b6c624588b002feac1f43d27926f
SHA512 cea7d4dee09fdc30a10e4399ca43e9927ec2f999464625daee990f6f5add6c6a70f71d58744eca8747486e88996c42c9f98266b308f880720f05229c2423ff69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 c6b0f95171fa2aa59458f9c82f36fa41
SHA1 203e9f34c6b963cd318b7eaa65d35b036a88fb5a
SHA256 839ed500777fea51856b087dc772416bb529be3fcc980bd735c40abfe522d322
SHA512 da87caa4c81a4dcf662bc7f81cff9332964cc21d8022c53ff7abd8fc9936a31230586172ceeb9d13d483e061b6ed990ea52cd8fa609846b25b0b7b792d37a3c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 baff94c63010c402a48da7cb2ef08bf8
SHA1 a6bc98e9fe1b1dc9dbf168e7a781476ea95e7407
SHA256 517b17052575e9e90f98e7e3ddefb178cc2ac72ff02b779ff488fbcbf9bf9adf
SHA512 d939db777208d103c46c6905e497211e7e872c601a7fc6763103cffc0d9f90ca0ee0ba6269e70fb17054deaf96efa26e378c904a95206f27f225ef2d5a32bfd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 4956a5a7644eeec3c23c11c34eb8d8cc
SHA1 a5a07b734e130facc24e0d45b3931d23c4858174
SHA256 0cdbb6cc76b5af1f50459c53cdac5a883736b1e78c22d3876ab127646790a9c5
SHA512 bfdc9b07e753b76f84ddda98efd611ae26dfb44be5032b1a01563e18e829fb6f6b43f03d09239b054dbd1fe599edea8ea291e3b9e15725367b7bfcfeedd77d5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 50e7c652cf5d57d97906cc8c89cccec8
SHA1 b44c48b98c90686ac69762412e87099693cfe308
SHA256 17fdc0f29e08e58b3157887e3d01f54eb089ceb07ee1f11e7c23b8aaf24d17f0
SHA512 5b9f0ed5d62b92b85a56b3d3636f5b3f2b00b7c0ad1a29a7a8a15a9d41ffc09230c71631d50a8912884e64b6aecabfd88a41eb0eba41a7590a6979cf71ec4668

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 e8796850aee639ff9b8ac2c23110889d
SHA1 58e002b8e3929989c6fb1884576a6bcca32c6e56
SHA256 a308b4c8b64a08af56a24464cfc50f94c152633c5033789434a22db80ff496d0
SHA512 822afe14a9c4b4cb06135c52cc3f4e63661836ba22b655df6020f6c6918345597933edd0be4b816a70b3734045665f2d50b7cf1870a5b9236a2c07be70b172b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 45f4d9e7d2e260e8288babc1c6509235
SHA1 00b2ff2b04aeae39c3a1acd010c8814bf9f775e9
SHA256 9e0bba84f77cc947769f33b6a9595f95bca6f04e76b38d3f6be385e6c00837a7
SHA512 f2da98b6c541267dd2847a230aa9bd7589b4fcf8e0cba30aaa0314f92146981ec654506e005b9b5d33bd23b6cea8fca0c6953260943bd1200cdc33cc903550e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 ae2b5e6fd36c38beb90ca24ed95ddb5d
SHA1 b447190bb67f2a881b718f6cc70a136d698fc5fd
SHA256 cf22d1a1efc7c1aae3bc34d87149304a0198ddd635df1d73ba4c87dac536a136
SHA512 5bc508d40dc2d9f2b81582ad828ed01e0895db01178a3189383e58723597651f314b80c6c1ad16300dd8f886cc64d3bb9131d58e0f71f46bc3cb92d15a096db8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 ad819155d49345d5b047f0bf19910bca
SHA1 bf4b97443a00ea6b266ae6b029931c0702bdb33a
SHA256 1f60fdf86104a57563d5cb098a5d56eaacd3aa7b7fb7a0c03bc2bec53c19ae53
SHA512 02dad067243e66424b787c6b559b77d2a78962fdac978c054a7c5600d14ba9ac7a303eef2132f470bfa3f5f4c687b65cea66f84543c04d69273ea6900b49e793

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 5cbd557916865b85c4ac481397333477
SHA1 a1f6a22bda059bc4b1206b6dadecfd7140029a42
SHA256 51aa0b3c0811fce9578157e0c9677eb1f21b2a4a8c24b5fc6fe55c8bbf599bb4
SHA512 302b61f137eb7bb1d9d27d054ed019953e493d470a03cccd048a17bdbee834ce9238bf1d21b8a7f4cfa5852affb134b4edb8a0b1b101116311a8a4d324a462bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 787cb060b057c5d555662c23eb0e0d17
SHA1 03bc1200f042ef753a24d14598d650009af516a3
SHA256 5cc3c2d9ee42152d916e0b7cd2a6837016e17310d982df0e179b8867504065b0
SHA512 9d9cf95cc3c08899d03622a64e0cc5af9b68edb2a9d6b10fb5338d29e5ca615c656dfba4eb5b1e6d6f262b875e68274c386452b09a3d51e8e6fc83206ee156d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 f81f6b2a4dcd19e0fa3bad790ae1d3f5
SHA1 70b6513bfbf53ca391f165e87f70aff360df1952
SHA256 e922dadbb7b48a72f5e6c63ab718f6c5b22dd61b8d8b933fb3b5eaf470f25d5c
SHA512 0e6618da9e6dc68ff7c4b8f97bcba3515ce2c212e809f78b4718d250a52922306d37d16eced428de501a23b7a4b9c2791ff90479cefe96dfb70996a581c26c9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7c760f4f06ce141a9c1405ee58321ec7
SHA1 c9129e3f61ebc110692b5eccc4978d6e0928effc
SHA256 1e7a314366f080e4ebbb0102e5e468d8017170cfbc5fbaa3c5841cd60eba36d8
SHA512 722101102c6320d7dd662dbcded1339fab4e46690c97c70e1ff0cd3cc1db0b101d034b1d94404864fd91f60882485d5266fbc09d46eedac6cd8ef6c229c29944

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fe1fe53bb629d6103cf367e450a27a87
SHA1 68bdbad62cb3b9c9f7258a5c9c9198757a4528b0
SHA256 b59febd96ee689ad9f09d1ae9ed451a00993071e559e5f423bc93b530c1c3eb6
SHA512 9458e2265877e8f301098f969b5b500436713784ef50c2face3c9aad26f4c25147e6327bef7ac5362e8c384d4b4ef8547fc379fe76952bd504477ca8c276774a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cb84631da4163e58abcc698469d61acd
SHA1 c52a04df4fb7473b9202c6cc24044565d78f72bc
SHA256 abbec13709cf66484ce4f2c6bf9b0ea92186d50b87c94fbd09d930331f231e80
SHA512 0d8f8d5ae8b275a4d6b2e741b430f3d749f4ca66afbd4fd2f08d325b7d14709420dedc3c1932b79062b3c13b17c5917b1857311c9cd5b44443de47f98c3ee646

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6b87b7becd0fedcb3e2b63514f593c40
SHA1 3756905b6530a35d74e1b8968c942e8015e5f279
SHA256 0de60fa0fccd1202e57c3ce000999c3044b0a41d8448bf9591d09e701c28b1c1
SHA512 f803d98c32cbd0a87526766652d3e6dc36ff68297f2393f683f330157e7c40770c65155b943bbc922e60a7051a8167276a3e0d119c1e3e8cc745a245fd060c22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 57303020c4c2bb860d4f288191ee7e12
SHA1 f69e31a551f77a23353a5727816e580bee5972a3
SHA256 bf717870ec6b1374935201ce1ba442b16a35c0b4ba87f60705d09b9c5e41d0d5
SHA512 c634dc13579509f26a781ee983d31a257221ab8e591200952dfdd65cfaa8a03a687ae9ff9664c6c14ce5ce0873fe0ca530664612d37f2f0d306d4c939986f599

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a4a6756491fcda00fba6841f49fb3206
SHA1 d360658be0f3290a7616480cd18839c9495186bb
SHA256 e2c51af62695aac287eae00f989fded8b5bb36dae94c1164c6f87a60999d6e02
SHA512 5bf6240be44b93e0f1fd4c9157893b006cfa344121f4837d57ca56e843dc239eda5441c832a26695b95d7ea032f03ded056efdb22ef33e103d95a5cedc851fcf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5438d614cfa44b27257881c512474161
SHA1 4f0e57dbd1a83e23ac4b431c237b47a0c0eadfdd
SHA256 abfcc69cf9f825a284922dff67d0cf0bf16e590aacf8e9fb62eaeda9b57561aa
SHA512 ac8aae2ceeaad4a07a5460f7bc57565e71e44c7f9748dcad6877bd68f956b45251454695f92e17a55cb13a14455a8821d2018e9b775b1862e1d429f16cd34955

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 559015289adfa08342cd1b234197ec18
SHA1 1078f73ca4e6a4794e526d59e6c9ca5dde86c9ff
SHA256 a09d54d6c5b2499cf58daa2cf3edd1929b0cfea7ef0a3b5d7c2f416e2355bf84
SHA512 03244a801639bcc7aad1209e501ac168c352a05cb48eafd0e318fd0a11aa78c97f97ca85ce43ff84a79ea2eba4a8a3786f43cde80e43c4a6051f053a29886199

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cb4b89bddca827669d53bb494d25e185
SHA1 aca05a0d7247c97ea42f38fa5a1c381cce3201a7
SHA256 48710176b74ceee09c022199f43ae7205d69a821242ddb8e242f30dffe83f089
SHA512 4a98947460451441d9b6038eb9abeaf11a54aabe97b417eeb4f8b340aef6e3602c5e945644b87e023dc06aed7cfd1130bbc304186c0a143a567ce7f4cfac725f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 60bd233666bf9dfdb567c6e1d820f572
SHA1 91da52b2eceda52fc376480f7304dba68bc33ab0
SHA256 7e94b4dc2d6956dbc56d30054ccf99a3edae4b483b43217460fa7ccd2836a192
SHA512 5aa08daf6900cae0e770a32b7165de9ca64bd003ce6148e350c247dcafba8bb90aceef8a4da7d017df41153e63165e6993ec6bf88aef9cd73a8919f0954c9453

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 35e7e13a43839a62c0265d05929f348f
SHA1 8bdff014f771505aa3b412eef83bb72561b81315
SHA256 006220a9c79964c184698d06e2e658b2ff151fdb2123ef62c619abebfa4affcb
SHA512 ecffe2cde3bf6d92ef8e3ae93adc966854c429309d622c6946ddb1a47a6327fcc1dd7777c091792176936f5682a1fbf13cc1fad6d890587ff3830e3ada6960e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ed74ed710b7d234e2191c44945422971
SHA1 8d16ef7adfac9b088f8d4c75c190ccd7e7bfd204
SHA256 6e927b425256ff9babb909f1b3780f1f2d0eee7eb928aec40cf5e24bf8070814
SHA512 27ddf1e5af5a8eba7412ed5bf89ec82b6a46afbcd468f3060a874f5416f4b017cae50f79c0de17daf6fe5b5319aa31668a7b33da67c0463cbabb38114dc7b784

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\854b9681-cedd-4fee-93df-4b7c23619563.tmp

MD5 8d3c5ed4ec6919a4909a697b26a3a2ee
SHA1 40ac0514fa87f4a9116a266c2ceb9f5918493fb8
SHA256 83ac04ce48a015bb85948ce0966a217650fe4d6f7ba0cf8058a732b31bf8f02a
SHA512 114335c629ffd9995d0ef6ba6077496227a757c974f938557e4f78d094c606ffae72f0e681b43eadbdabc8d1c0e025ce295612cbb531084bf6aef92e6fa7792d

memory/9820-2084-0x0000000005AB0000-0x0000000005AB1000-memory.dmp

memory/9820-2083-0x0000000005AB0000-0x0000000005AB1000-memory.dmp

memory/9820-2082-0x0000000005AB0000-0x0000000005AB1000-memory.dmp

memory/9820-2088-0x0000000005AB0000-0x0000000005AB1000-memory.dmp

memory/9820-2090-0x0000000005AB0000-0x0000000005AB1000-memory.dmp

memory/9820-2089-0x0000000005AB0000-0x0000000005AB1000-memory.dmp

memory/9820-2087-0x0000000005AB0000-0x0000000005AB1000-memory.dmp

memory/9820-2086-0x0000000005AB0000-0x0000000005AB1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1606cd2c8c04f375f6a6f10339fe589d
SHA1 77ed41f4fa905cbee7a31bd0666734f5b37237c7
SHA256 aeea245cb0f527359ffdce4f94817e46db1324fc3cbc6fb61a52cb6092252f62
SHA512 d9344574b20cca8e20e0c506f6127226e13704341217eba9845ca3f72c848c39499ec446990c349d2025c3c0feb4576ef13264b2d574e7716661b37ec687f020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 080d466d8c090dddc7eacc0c10eca6f2
SHA1 0c60389936950437313c1865c13bff2b557a5408
SHA256 94087cd2dc873012d39d0d8ae7475eb801612499e9bff6b6dbc9c1d53c8799ec
SHA512 9c35b04e0de19028469e7a94ef69d74ca73b72ed395378b64a7a4f03a91ee2df5209fe63938fc81ef8fbea5ced8d5c0203f2a916415792af5e980d6331285e3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1ca1cbf34f4492f9bb64a50e79cdc635
SHA1 45c9d305e26de0180d290044c575c66bdf8fce34
SHA256 e55b10072b40f1cf9c4d768d1de1cbd2b1e432051575eb541fe37de3756548bc
SHA512 0f983d7551326eb155308d0f9f7097afb78ae77c1f244f4f54ae2e113fb53b3ce7092d6046fb06677b69f8c07d54de01bb8429e2a8a293b23654500dcff8cde3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8c5f5ab1a0d139f89b21102aef61ef98
SHA1 a9e576ff25b8d25ac353b7809134dd3c4d81d26b
SHA256 7f3a7ce75228c0f43f26551b8d29899a066048ac4262603f9bd1ab752420fafb
SHA512 da2c870906e848fc49c798bbe744b80b9c9a46631c2a979dad8265efdbc5f8991d35c6e66083969a512b7cfeb43d8c4c02dcbb070ed26fe0d29a6dd8c40d56b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8f84af1d48521b3c5507ab7c2d6403da
SHA1 0f623e991abc0dc036926d8a6bb40ccb23b4614b
SHA256 5254e243594e78bcbe476e5a14797c6412d9b8096585e8ea757331a4ff40d66e
SHA512 eee261b32012c781b25bbe6c2ca372544102984946a392fc7edda113a5a6b3b444620785f24ce5aa1ae2232fc0d7aae65352a771d1222ba71e7ac73ae85e9536

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5443c2827dbcd89ecd735c22b6114296
SHA1 5842ebf908e767b74914fff83860b672c2393edd
SHA256 951ed2a55f7da32f1f588ae62b09bfb5e7b66423ba454264f13cb6e8577cba76
SHA512 022620739b35d31d5e8096d8ab3a47f842e22f5261635b88a6dc9f3c8a06e0a5b362973c8eddd1d1890c0e0ec7206cd0f6521e7afd91b817289b4af891c4b4d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c11c62b2cecbe168ddae490605a35bb7
SHA1 9b204ac872d0da8c8ef1a0b9d1eb00e16cda8506
SHA256 19f371e6f06bc3f43e23337fac561f1542743d7a006c4fa7ca7dd190ace58fa3
SHA512 3e2b0433b7f0d552903f4f9de67e9999c86dbab2bbac4d6779dc4b6e9e3780275ba7746e870f9da14a90b6c59e31d729b15244bfeedc5308ba22ec2127a8b672

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7e0e0efc363fcb403fe3262a05e7a692
SHA1 549d0b07b590e49ca4c2a476b920a953f9e507d6
SHA256 dda6790cc7350ddeaaaed4fe2fa04e852a8211efc32e7b186189d3d08c413e42
SHA512 ba9d2985e8e5f2778c425af304f950607dffd1b2ae4bc364e6f4d8d501d0e2e7b96fb2918ce1d218458cf1e57232209313ec3d40b107bb991e4d2cfd47cff464

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 094db891395bc47a1ed1a5259a087957
SHA1 b55bd9cc2458895fe22a583b6d1ef5c3671552e6
SHA256 8be242da82a341111f30cab61d4dc3efc7104fb9e66fb31cee184191d5ad2cdb
SHA512 25e7483c0e830c4a40d3dd79bf6c5c7cacb173fdc598840374e54b8ff8513f4b56496bbc7d8ba5bebc44671dd3d5f5495a4fc2fb22357f725638f10cf60de573

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 af8b6106e1d6d5780f2f344e8d60a7c2
SHA1 f01e222f2927f245542201a2d1d3ef6543ad8eb9
SHA256 48c21f256ebfe56b82af41acec002ef704ddc00777999a59005a351b73a90d78
SHA512 0fd90bb02475ba9c453f91e5aa473cf653fafcd17a03d3df3c5c621b922813f8ce9b7839d5c8281bb4b7d0f30a77021d126bc804ccb22327b81667c6b8faa626

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9912a325a7c8fa739bad7c0c5d977ec0
SHA1 2432cb3da3b56f684cd1d5920326cfde06406289
SHA256 45992b1cfc15d5063269bd6a6eb9cc495779428ecf9dae1c7e95b0481424c0a6
SHA512 a0dc127fc8418544ca3060bff9799ef9f7057ed93e25b681782ababfbea243698248c3c106d04cb52570a9adf4a46813a5ff225a334fa0b0a3544021c3f1c077

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d068115bc9ed3fdc0693aa39b479777b
SHA1 90e7147da42a4ddb3ed35f2fc4bdca9df1bbf2c9
SHA256 c7333820d6a7962e058349b916c75dcc32582a86fd95c5685db82678d1b5d7cb
SHA512 433e0a9c1962c6c2d445100a9386e8757915f16db2062c1486d6d1646d3567b8624bdb53aea88eacd0c82fce444f211e40f00fb612c79c1599199109ea7592be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b2a56c90b15a3517f5c01b51eef2ffcc
SHA1 5da9d53bf08c20ed66866839b01becde4a04cc86
SHA256 e57f559290fb5ac7d4d884143fa0ed143dac49ee2d4e6c52887fb9c5c48a7218
SHA512 40c41881d56b7f1e8fe9ff69945bd8e2f29b0acbd8cf56791153d64aec1c621a53ae46e69eff0d0c415c7b1d08a0ca796d1fdb6bf9c85bf3926b9e38b9c3f161

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 49c5f63cfe598c72e1176ce5e570eba4
SHA1 f3159652de23a1dc29d97d697cab4240c8e44dcb
SHA256 136feeea9bfa44d58cf5f56365156b88946410d0d2a0fc47ebe5d07f461044bc
SHA512 0a07c997bda24913b71fe199508b534bcbb97ddc3d1e5fd3780dfd7271f53f13dc2c1ae00263480f37916d95880659160d5017ec4b31a8fee720c965e64eb7f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a66c8cd5ed59a629f1cd0510a7667083
SHA1 88efd7a664d64910a5a3d7b7032975762cf3cf03
SHA256 26e3f51d547f7bb63904dd9b6a49de88411628104022ac021bf3850ea8527a48
SHA512 3d2ec62dec6548c1d00328afe50f6394da3c549b1c36672c213b53a1c8fcb04ac760e9f342e24f81fc47227c956314252b3ddef83c8ba4804a40743aad86f9d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ac05287c5e711ad5e9f48997cbc302f7
SHA1 3c01d2512fa172bc2dbd9dbb3f80566de4a2243a
SHA256 53a8a8004e67f8fbfa0cda4d16140ec2873e6c331a951bf0d3d9edfb946855af
SHA512 30b0a96900194455a4c2eb39be9ae4193cb38155f11c50563c344f0c30f41de5d17d2864e44c06d3c62591a5ceedd2dc9679df7901836583e524f8de425eac81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aab66e5fa147b6195287a8e495b2c72e
SHA1 ce936800daaaad3b0c9c075490b9b07620bbaf58
SHA256 25de20510dc5ee1bd258bbd89df87678bf0a1001a8b359a62492cc05589f6c89
SHA512 413fc4f2ea3cb0a0b8ed1b83281ac826680d705e685d9560d6a0a2f14d91bf477528b06e971510397b4656dc4b0f99bb061c185e11894cd93ff1ab0bb7ff7cd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a0378a934998b0755100eb7c4407cb29
SHA1 b068129e4e48cbd3b724c74ba6c847ac360ce746
SHA256 b87240697f5e56c88b2d0817ac9ed40f8c2b623cd0e020060e28c76ecada951e
SHA512 2ca9c054622c5861768afe5121e511caa00784ee6e295ace63c53d28e7271f19e447d09d8f5b1f4111d1b4c401e0df8934542ef61831ac6a7fc20719a96c76e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d16f22c803dc04c3c2df1cdc7f9cc618
SHA1 48ab328b4ae07ddd298a02b2579622d0cfbe155f
SHA256 2ee210ac8095462b7cc18f7f1bd5efc3762746224dbd7f6a0ea9b2590beb852d
SHA512 8784eb6b7c7bef37a5335ab6bc87c499b157215c459f0ecf88f8e4d4205d09b05994ac9140a0fd60886a1f278e8987fa7f9be34fda83226ad931dc6b5ac4274b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6bcaa34e2017ece54aca1b9bf1a342e2
SHA1 f47346f7cbec065db05413bc957ce0ff90055616
SHA256 1baff31c5431df740d393708a2323867c873fd7c7e747f544b1567b83bc41db1
SHA512 3839151e9ae0d5b61602850af660c1ee87d17530eed6b1d9d7803e09bd8daf491f1ef2fc9bc9498a7cbe039145bf7d79faa89b1bc221d2e21809b4908bc893cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eb68d234cb6055d95010da3a462e18bd
SHA1 1dbd412df2f2819146e77ba35a7140da14f82f7d
SHA256 0a30985f68d5f29bebd3dbef062a2fce3bc8d0057437d28c96c38b5159f67518
SHA512 2e1db08412c4c0a85ec146f1dc3e40b76360b967754fa16d303ae5ee6f19384ccc16bbbf98494f71fd803446b37b6720ede4131b43953ddead860e9f1db87770

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8a994d71fc12212e92e96d8203523f0b
SHA1 29306e111b3c488e67d394a091030e00e13ba29b
SHA256 f819faa04907c001323b099c068cc131d2077e8dfead18a8034ccc5bffee5c88
SHA512 1ff21a98527ceb024837a271d40dbee921ad0d714010881ceff9e3127adf2d80bfcc83180a0133c6c4db1f3ac9132b41dc460598ae24a8ff5c4434bb167edd58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f8b543289a666b569b92a202145d8900
SHA1 c69154438c72e963491bf32359abb36ef68abcb4
SHA256 00d4c964e3939504af69ccee2e8a61e5b8d8059d2d0708eeb8d04fc0b3593667
SHA512 5726667aa47860ffb173fe212000d796612697eec7492dacee99a5eeed53c9fde060b65271d02d510d49d7d352f67466da1f5f23b735d44fb2a4308fa24fc765

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 007d520ffde95bdca7286abfc183629b
SHA1 0811f5a3b29e4762abfeaabdc0fbc45002f18ffd
SHA256 64d5a627bb35ae63075ecb7bab1e071eba834ad114db8e9a059401b850cdfdf6
SHA512 0223a1b3fa7bee929906a960aaf396341cbc63a82882db4d25da19e2a704aa55ae8b7836b37aec18fb4bab2a5efa281427196f76a899c645944d8a72a166f466

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e893d13acf46a37ec3a9a4abdd27da91
SHA1 e7c7f0c1096c19d60e06d3a91f03329ca0f1177b
SHA256 ba7884e68e6fccb050adc54f0e44fbc82fe2416c2ea61922b844003d9f74825a
SHA512 93df7695aaf242ed89145186e35f1cb8afb5c46af5b5bfac6740588c3b01eed1ee9b3879a80fa1e3d3b67567c8553eea794ca2d180d98d769c5f4e4deacf826a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1438120f12294dcaf641392efc2b63a8
SHA1 dbab57e8eb7b14d0bf36a7a045365aa81aa33bca
SHA256 b73eeb2f5d68fb00257e89c10e09cf921149d80940a832f289dbed53b1817421
SHA512 a1ff21d8a11d0df94dd79b25a7c957f69717529939aa89ef1382459bab671f6ae33d6081f3dcf1193c9807f8094bf9dc10b690d7950b00494f36ce1b1a4a990b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9534a3b79ac70207839d63e60c32795f
SHA1 422b03a3e6120443957ef030a3b9bb9b2fcb983f
SHA256 6043aa0cb0048ec78d58c1cf65fc3832d01d7fe275177c9a643f0ce0905b9aad
SHA512 32e292ffc7176d1ed59d4ebe8edf4f717480fcf71577b31ab73626af55f65b0650070cc1bcb073fb124b548688a9907192c77099cb088cbd6fdea0535a2faf7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4b8c86487e79bed57c96b6a95d175f68
SHA1 a8bc431fabdaabffe97714daceb5270c7928ebef
SHA256 6cd050737ce9c846c8bc2f5b39e8263b1b3f7ba06a77f0c478602d668ff1bb08
SHA512 dce578e0b81fc63cb09c489fff7f34c9a1307d429a9befed880960b306f1eec68ad7450c1ec394563788ceb102cb6b9d207ce40499398aeb43347aad8d7cc50e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 20b26e0cd947788dc3c05ad688fddf15
SHA1 adb8237d893f031e5f77cce4ee09aafa001ef99a
SHA256 88834d3b880819f8c62d26f8fed43e3c9d7ee9a6dec59f438705bf14a007bbda
SHA512 ee83ff58a8162526d60aad7868368d67bb089f014ecd271b34df1b943c96f7bd89121c59fb708efbcfc5b56f5d349609aa1576dbcff9a345eb8f78f19865aa2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c106b334fa0ace3b63e26a4d27d08aaa
SHA1 f2e1afd7efda5802ae098b0be3c87ade9924d77a
SHA256 4103f13f3ad322512a2b120defab5361f18581ed5d3a1c37c66535d571266b26
SHA512 6a8bac19ae98d7fe00aadf753a4289d86088e63aa9f79f288b2249eb02f88dd40f99a1e68263d451b70256ae271f3691f727b6765a1332e339a0214b55557788

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 011bd05e23a1eb6d3fc83315e38f5058
SHA1 efa9073aa053b6fc64de4ea9a5488206d0bb2e1d
SHA256 45b77a68e1243ac4804827b4a17dc422ca0778acc41ccbb2cf9579e5914d00e7
SHA512 1c299b1e518801b02f658e3b018cf66569635daa1edd9886795944099401bb67ed8d1b35577ad719419a3c2b2b0775bc27dd05e79a1151ec2221fe302c8a4a5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d9e5aa58d365ff40a6d124967b87b67d
SHA1 6cc2dbc608dc6f6b88d626d2a4c2f527b370d0b3
SHA256 82941a08611df26973e2fb9d77a9cb2b31b9bb3f86e0a6c769e1926bbf81e98e
SHA512 e2de29da0aac8b606d1786cf712ee95afc27b8d03a6308ef5970dd1d005d4d7d24ccbb38086882b654fe0a8f3aaa5719690ed4a5e63b2b646a04183d04549ffd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1bec9a1b57d564ee2626f6273e0f1c90
SHA1 9314fd735c8a4afcd14fed79f1870539cf9874e9
SHA256 a497b55b3d44efb08a6753783c74a1b7838211dd8dab882274e52c7f584ee7a1
SHA512 31356e298146d023eb011c65c014e9f158a48eb7bb1eb0cea98152bb01e29f1fb6856ab792e611f16c558bff2183a4a872cb6e22d27f22654072c8bd2d58dc32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2125a41a1b0106829f5dc93a0ee46074
SHA1 78abcd8bee7ea1bfd8e6a6ca7033aedcfcd89fa8
SHA256 7a286ada62878846859b6da754b45d2f095ea2efe93ba65a2e4f4590c8348b8d
SHA512 986cb229447899c9354858b0cbf3fba3f5a3eb03ac2d42c67160f26a5f5d1b997169c151cdd912bcb7c9582f9330a2c6c38ff86faf4f2914b6394ed214a8a03e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7454ab3c2f649b43effa8edab1c6598a
SHA1 477d830fe0e6a65371943f73c2807fd1a7d7ef3d
SHA256 3a62010660bb301a255ca626d3038e87c5a717e7114c42be7fd9f4e0d412c871
SHA512 f8cbe4a827f024010151fc2da547b405256924439c3d801a086731b51997ff936defc500ac747cba867896e5ebafdee6c3af58d6cf28de724ff9d06b0c3b9143

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fa49ce0d0920c1eb67b1c0d86156db7b
SHA1 0ea3f107d7048b2f9a4cfb5f27a8e62d0502dd01
SHA256 5197a159aa590c27ecc4f7447088390d1904fb432e0a023cfd278caba38d0a2b
SHA512 1807206794de11c16657f30013ada9f448bacbe6251c1249aa4a4fab336b4556a7866a9cdbf141a7a4a5904d333f2f2ab6acc8210ca52da56e8c863654930458

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e95e882aa10e838c98e53972fac72a87
SHA1 cf501ba4356e2f4006e5acacecd4b62605a6bb90
SHA256 3f968cd6a896c9893d14a0f7e4a3d80b324326a18157b89a0e43943b6a687a40
SHA512 7dc309bf5411b997f5aafc133410100cfa61a288d427a27a7fc2cdac10d11087d0f35774c674b558f5bc7168f0c340bbbaa3b47293426912c748a2161510e9e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 385620b756491d25146215408b39cdae
SHA1 29b613569ae7abe40d49068c5e3f9e9e4bfd5fda
SHA256 a1e74a7f304b223a25efb0b7cf2a391a04250be3f34b9f69c5e0f54cc3dc4f4a
SHA512 e60fd5e3269537f31ee86f1a86bebf00cf3fbca5008cfe0d8ab60bca5e0cafed2b9dbac5f85d968e6fa9281a4f9f0b616e43f16c03ebb7cfafad12033db0e496

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a8156de42f2c5c268b92439d37aac797
SHA1 1416bd97d9dd5eab587b638f6ec1d5c236672af1
SHA256 dbd101e746dabd1ccb71a7bd200010dd4cb7b18c2503eaa19f98a431f31da924
SHA512 24ff8eebfd4ce057ea4f59bff59e6767ddafaf5861d7bdf87284127438a1850dd327ddbabb7692d88fd01f65f4fe1ed2737d626ab17660e5a1bb17165553cafb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4e787b17a47cca957401fa34dcee5371
SHA1 65d7a6fd590a46dffab064d0bfaffef1fd3f6d91
SHA256 f6c46e88b8948a91f1784ff5be798a27aaf71c04fd12b8e05c24220dfb19176e
SHA512 9091440ff7c4ad74aa0136f68509b5a812163a9005389578c91ece2a1c0872ff07f1a3d47b9cae1394b60fdba76cf3319a872f5a9bba60546ca6ce6516e9a029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 13d1e890868837a23895d3a8d400fa9f
SHA1 bc764aa66e22e5c751c612fc58de0a3a2876e1ae
SHA256 8147a0eefc3b5fa14eb5b4126b0526019636434f6d8f035b3ab5dd5571991b2f
SHA512 66af5f5e297b1148381d041eb2650e931b1d26c786250546741289427a7a9437eb57fb60f711f3ef2d45f445ff542fc410000ea7d4dc6c56f4ce67b50750ae1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5d76ec24561b581b95e6716bfcf4036d
SHA1 c3458122f1126d2c53f825133c25bd6e7181e54a
SHA256 9eb699d5fe3c69d8de56d1148d50c4b440fc95958653c7a8b17e63cad8e86567
SHA512 90026ec7f6a850b6061b57613732145f38fc64b152a0a5366ffcd41535c6893533f20a57e6586a325dc2529a2f960f661c16a446e7f92b8c3412f943b16c04af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dc297cabf8ce1b5732e5c636e13caaf3
SHA1 025e3b6860695f114ccced44850abce76a7bd7c4
SHA256 a4fece231dd493da73f6d8600e5bc3af28b3ff1b044a7865907a95b59f9343fb
SHA512 fd727716637972bd795493c42865cbe34bce576b303e68404452b19025767e33a70e5c5f276751ac2c7236d58defcaacc5913626719f96f990a584ec8dbfe6df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d7d69356e09ee716c85f5fef3b05ff3b
SHA1 ef0e20e54794ed1879cb3886431d45511a366f07
SHA256 70945eb37073a34284701f4e1de1b4010ca24da984580f023eb41c4c56b06229
SHA512 73d40e41c8cebc7d27f727e3b54a4488a829a60f6870c7fe82d1b65d986c81edea1e78a03d2a1d60447f837a5c523c3f873806cdaa9ca664ff31629c01760b80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3bd66244f04bb39cb87b1e05a53c78bf
SHA1 2b7fcd1dc8dbe9f6d6213df1f43517217cb7c6c8
SHA256 be6bac3227a06b376669e01e31229ddbc914ea1fbc935c3a5740d175028a152c
SHA512 e361536cde0e06b8f898f2e5e9577a6995ae4d8f0226a45920755222a5e29f393b2d23ab2f76a1c59cdf88c5dc123c4fee73b8ec7cb74b144cadbe2f2b10f153

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3d79900391a67917ea2cce0090a4990b
SHA1 edd9de804b5bce38751fba5da670b8ab1eddcf24
SHA256 3e0b2dc02b0ff3559afd45ebf0235196165356452037f0b905a8251549966ef1
SHA512 bd975cb0b54ca56fac66963b8ccfe715690d6f5dac0604cf3ad2a346dd4e349262269b947370e3ffd023b35695bfd8ed9653e3831bc37817662ee83bfc96070e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1e80fbcf99b0f801abd8ea96ad2df7f0
SHA1 70148dbc308fa7dd4868b10d455831eeb1c03df9
SHA256 b1e0a0f610eada5d53bdbbc1bce3630db9b1b9a1a73bad84cf0fd0cf67756d0d
SHA512 fdf765c9d08899641e7237e059241dea4ba300465fb149583f3b9c859452c20ad2d6f5b5b5e9011d6ae0e831d15212fce7e56d710e62721e554477fbe2278a6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 42eca4df0a8156fe506d5c635ffef8aa
SHA1 7e36f5f9849ce7b6a5663ee802dc22c16dbb1816
SHA256 4deb46daf6941a6ea1dbe224ffd3d45a208af53a508294512ef97d8a6504714e
SHA512 eacafa9b555950e776ccd4ac95e4acbf92b62822055f30b63437c904e66e7cfc08923c734a74eca3a771cccfd8b03d52e346b1ef86e558737675dbdd34512884

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fd4d90078cd49ee2506d3cc170097f32
SHA1 42963adfc78e597df61f190361d09ccea4cb5c19
SHA256 d7162cf29bbab67fe23ef20b114ea1756a51f2fa64a04cc2235d779408513fc4
SHA512 32bfbefec32057234a6f1c2f9a26321e0dcb6fc8c7839aabc5acc2424bdee7eef64cc9f44beff4d93e1337eebcd09073e63cb26781c1e9cdf5c3ac6ac25e3609

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3cd63d76295d138376476a1ea7e3cdc9
SHA1 a4d759386e10868e8bfd58fc6ae4d229df785ef6
SHA256 a0f1bbc67ea268ce0cafbe86593a07ceef9f99ffb7dd41d7638344468f94e79b
SHA512 8765b9c9a609b42fb638c2cae868daa85d44a35621fa5fb63482a519edd7fdc910a82f36ac9760cc2c267b4bd907f0265e9a470a61f36e81b76165999637fa1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 39fdc08cf434f4461d70f238ea446aa4
SHA1 8e4a474f14a5fbff7e4b71647c44d4619673f9a4
SHA256 1c1d8bf2bcb2636d866d4a12e154f1d1e1ef28ddd6b6ec28480add7be89a62af
SHA512 e1fd4ade0e0cb96b22509639d164e5d761c53ae027997f63afdbfcbfe556d71f8700dbfb02ebf5af9c585a4db0715746d1e46a000dcd8d151394d4c58933bc3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7f29e41c42ae61aa6d20dfcc7cc03b93
SHA1 5f2af10f7a647a683efc85b698e6810e7041ba17
SHA256 e6131721bace772bd269f2d9130390ae87a002eb437ed0252ca9d459f71be492
SHA512 981c1b311e0cb5cf10c5b6855697092beeb830ef70469781f4971d65c4a41dea46b090198c2623fcdda4aa3cb18570880a6d3cbef3887201249fa3612ce6f242

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4296f6918e726e9008a90c66ec37e716
SHA1 aea75b0925af1c8aac6abf6e91e69308d44ce02c
SHA256 e7740281ad134ad2ee41c87ee24114cfab1484fcc95a1c564c098ea8094cca79
SHA512 f03dd526c2b54afc197d58c78c0ae4ec9c160384ada3ac2b7e0df936c5c142cf5d328b946cb2bbc58ef2761cf11f3d8e3942bf78f23de5ab5101def33981b24f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7bfb4c1b161faef9b7eef1337f30c66d
SHA1 5fb4d7bd55b4e0cd413fd4cf3a888db80e8f23e1
SHA256 ead03da1cd1759429a875965fb566e57a210c6c67cd0fc03527b04762ed0b8e2
SHA512 c1d0fea5e4701766b0ff93c7a2b66fc4d9668d9798b081a96757e026cf08fc1562b7419e8df69e6cf2d1460ed7e1916967086568c028dfe24cf1a3b847353478

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f63dc47f371eb7459ca0633f639ae135
SHA1 def09493482b1f61966aeb183312302ee0cf057a
SHA256 41fc571088b2e10b001cabb6515028f4bdcf0bfd264a44649c4a9007cb6a9e0c
SHA512 d4370f791be799f95fa7ac87e108dcfa1993f2f4dba970eff3061ea6e9bd3e0f1cf2dd5ad4ab81dc87f8d38a56490c8d45e282946c78c051b5edb79d2887c5df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 17fc80e19bbd44febf6fd81d70d5829b
SHA1 aa62c0b96f800e5654596d137dbdc3358bc1aeb8
SHA256 cd17652592b16771d6d09e244a44e7d7b5be6159ce364a8ce6a1fb1e6f2d0a9e
SHA512 1cdfac8f4bf080bb82da5f7841b46fafb4b4f577b6b3ef1e4e11b4cdf1a83f18e32d922498ed50d66edb966b62da012fad2fddb6a7b365dfbcaf241a1a3afb1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 d051cb22d593a03f45bd0c0ec39c2bc6
SHA1 85ca03dee45b322f65e20edd29631c82c35912ae
SHA256 f459460887fa8849d897c89b5cb50a0a2d570f788cf81647cb68647a4bce503f
SHA512 7bfe2719a9bfdbc5d117c082934a02420ff58c536db4627578033fd149adc3ad45e276adec137c80065c46998d4712c3d13acab037811f885269bc7efad990f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 68c477c4c76baab3a8d1ef6a55aa986f
SHA1 4af50379e13514558dd53d123db8ea101ec5e24c
SHA256 0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac
SHA512 92b34fe3b7f82f10cf6de8027ac08f4a5b8764fb4e0b31c93da6e3d5bd08e0bc83b79fd70b8207a1066b689583e0b6976fa3c885b0c067ea343e6f2031d55d25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 6b37a5b2ff3baee32db53505966d8c93
SHA1 f3f42e843aa6464c10e9a60c0f8c9264998a51e5
SHA256 a58edc5df4085f0ddbb80367dc7ed414572928554566002c19e778b1fd2de268
SHA512 5624785a968372e1403032cc989558433e788ded8370282128e4d6530d5aee7b511a4e1932bce19625ecaf6e2696bb56699af14f03d2e19a16e97ed26f14344d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 08a1ae0e95fede2e246e0ece5c9fb73c
SHA1 ec83b43e7388e6f09b56376017f0e1c67aa52fea
SHA256 c0b8d273858fa3e5ed0ee9903aa47ec1fa19d1a5970de3525b490b1a6dacb5f0
SHA512 7f0304cd81ac1b404d59efba619504dc15315c64a6e52dabb5e188b62e7c9ede8f5dfcc4f514a247074ab3b8b48abbe32544cb6df9b0a76bda856f0e6a5a83f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 82524a9ba1a4cd636714f45ab6534ce8
SHA1 7903f3f439555ac14e953fd7ca56f211de5d0bab
SHA256 473629da61044f673a7497e37cb1517399eadc78b17802928a2799cadf0d2c02
SHA512 972377a978c859e58f2fcbf6052bbae3793b270520efa18734924f70fc73dc0a3252153f0e138e4d1467da8a5a29dc1bec697c8b9481196dd1875e47978a9bbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 5e322d177c03a4bae6286675f596a13e
SHA1 b5438dbe20b139747adb278337ff5950f9ac1839
SHA256 b24c2b084b7d6bab9107011c87634ff2eaebead58c9c9edebd2e375f8f1fb91d
SHA512 1adf3387189b74541d9635026f149edcc10a96cea6e48af06f7c8f449fcfd9788592d7fc92997b5ee91e8a08e7f29a7f8825069d13b114b8b441621d1569943b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 50451dee977409e7b83b82ba8a31f095
SHA1 394f9f749a0fbba620707f1fc55d4c3341c30f38
SHA256 10b17ca89bc9116a4c9c2edd1a28d1bf2b11b5e34e86545d0931fc5f20897369
SHA512 6889b80db888947fda3c542c1a2731783dcf437b277edb2c317177b6a4cd95601a0d130fe79282ed7806d65701af4e97d6d8d34e27a6487db1a49cf8b6b2f216

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 502b42442df1ba4f404195bfd51ca306
SHA1 272f87c79849ef042fd555d48e592b42f6127017
SHA256 f57376023c0129a8c32f362ea978fb707e6748390cf35ad74bcf986aa60e2483
SHA512 42ab6a1c4f3fc6268a76501935d0dc87b2f4cee6752418fcaf4f564f76dd60f352037312d6279db515e42b4a7341d557d79b2878e4c5c18096b5dc42a8dd648f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d50b84a9ec5cd5a9d82fc05dc0592d04
SHA1 e30f0048a3afadbf9cc37eb010296271b047d45b
SHA256 48c277f5abb1fb4a7705e118546f73d06113a3b9e0b2f5b3d42bf082d4604eba
SHA512 f66183cd2b80766ec500dcf53274630f00114220545aea68f128d90f3b8e47e23260e856832776bd36e5fc33f9836bf0c1519c0033dc4a49615b84eb1fa980d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9c0a5c94f24289c124e561bad9869072
SHA1 593d2dc2e84dbf95065edfc1b336dde69fec7fe4
SHA256 21a103e165e2ce18c653cd8ecb0a09f972d8f5692c8ba8f8ac67e1878876be17
SHA512 6e7320f7182651589fc4082b89a52e1ddcaa8b806f4d723a9d10cfa38f6a9572be20463adf7ad2fc29e37f182250a8573700dff9a4396717268ab7e02c3d641f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 822b6498ab424fc7cea8630ec6dbc415
SHA1 d2096295b76fbe5118df5dafe19c03b58ee0d9f0
SHA256 2b60575efab0820458d506b11af361558c8803a1e4fd0873745106765c57f67e
SHA512 c5e141fb8b3a2cff911cb34a9973a43cb067d64362c9deffa968fc5c72a4efb1b7410b03c81aa5cd4e116df8abcf6e14e693ec31936ae7b21675f91d199aed3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 603ff14a882213cba966d1ed0c021e0f
SHA1 468586956932fdc406ad86f670eb9279efca622e
SHA256 b0a5f3db4a1a492daccec491cfa90aa065702b2fe87d040fdb08eaa3a0635288
SHA512 e106a2de9d5a01c69d72902df69bb2b543245133a11befc2a157165dfdcb51576c25549a21ddf792c37ae2cac8d6568d45e051dfcc8dd8e89590eb498750bd6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e5445c526f274c3f7a2838abd61c6302
SHA1 0b0148cb0ee531da3cbd7db0e4fa77a01df0ed1e
SHA256 a6c91c677ab4a79d3812a6c48bad3edbc8e4eb20de37171b48bfa4af95adaafc
SHA512 bb6bfbe1e9cf0f4a595b6368f8cef7c2eea33337dad137fd797cfe1287818b4c9a0563a8fc10b1adc1da5887cb0bc249ec567f576049be5a7622d7019b25f92e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 43ebb202808bdeb90215c8e02a4a2d99
SHA1 ebedfc015cd3ac89f39717e8ed6026aa3bcb542b
SHA256 2b8f2e249581fee73f943d9432f8fc4d60b30fe2d32701b109ea6d64ec13a238
SHA512 e1ebfd1f0f2a9ff6f80a63a58c7b1c1410b0a262f3797928e8aff8b23763f2a57cf72bb4e3315d446e84ec9cf3821e6b812a3533770362c690055f8bc3a966fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3adbb2aa185761b3b5a5493e344500fb
SHA1 1c74c2910fbe8af3254cd6a0c8e5d10e7f6dfda3
SHA256 4788d38a2c82031dcfc1cbd86c8c49d7f643a25c092440ec78b73bbe9075d8bf
SHA512 0c8a96574b65f287a91e9df8a67ea0235b62edb85b9316be801d339a3e9ebdc0bb82d1e6545068db87fe3563faeb3ab33fa468570dbceb42608d7d68bbb4af03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6bd88c12dc987ef975471fcc62a93e0c
SHA1 afd663784bcdedf631623a9ff9365994e82f1989
SHA256 215c0ff388f3f058fa414c1867b0c6aab855dcb62707c99775fb03d6fa8ab78a
SHA512 38c07d0964058f9fab7df2981c33264c3bbf2222ca0346b48d89d8dc2459ec5409d7ff1e8cc7e53ee42ebcbb4c9960c599ac619f81a4a25938a6fc2bf30d16f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fe76f2ee3d917e614f1ad898b59756a3
SHA1 2e83c7ec4a7a6f197f6cc19cfb818767cc2e3e17
SHA256 da5cd40476456b4f8b6febc7d01c7e03cebe7251a75a4b42891ef4a7665a8abe
SHA512 aa4cd60e2eade7192c86a75b4fe111a3f649acf9f80e658811034252bdc509840603a6e9f5a6f3854a21af9612e71c299de9c58b62d88ceed755e8624d98e18f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1a00bc03fcd19d40eaebaf5ec546b0b5
SHA1 100bd2cfc1ab1422a71f63e0c3941c30432e27fc
SHA256 4f942af6bbbc66783797d31eee7b69b3d220234e203a954b7ea52e9a9d2250c3
SHA512 b5385b69f38594466c82d0cfd13c363ca6afbb15370ecaa0b84e89da567a58c18db2b12d65a29b8c2fa2356140723589f4f6a14145f63f9f95babdd74c5479c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 509849b6d6cec6f0ae4cdca42f9c36ce
SHA1 05aa8ea08dd51a07039600e8d315a101f2faf658
SHA256 5b83bd8e7f1d359601a32e26db62b342730be3e47f82b4fe23543cf05ca5c473
SHA512 e297f56265cd2d8b0d78eb82c82260e8f7465356e4d6c3ede054118e17b658b79faccf7d33ab4d362db703bf415c3d8ddb7c602c17dbfd7914be4f3efd40a2ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 285c6867668e99e45e1fdaab3a62da83
SHA1 77c9ed9b7d2ae3f85ac1b1205ff07057a40014a3
SHA256 98ed2a5eb36f4a16c41e93ff215a7e6d0f9576d64ad8ba4995dd56443b1b7d37
SHA512 3cc8c591fcefa0f6d9295bb01740860ab1e0495c42e78eb68e61dd52a92e24a33c4d21b66a4bd5e72929ba4649741d4a769bd594a593fee9b005e14b76fd2020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e38cae1d9f6ca8cbab879b381b8370d6
SHA1 c7d7bfccb208f6171b556e3ea792e956c8987139
SHA256 34e310e399b79a304b144ea54f70f3463d2f6152d454f5bb1103e5602857f868
SHA512 481505537d8404671c3cb35b55e53ea46a2d3d93256e0694245051bd1bab6f3feb8a084d1b12f57a90cd12a41a36ef0394d46b49f0226a465f11a0f2acc2c5b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3381e20373c4ed282d971021dd2af0c2
SHA1 e8f52dec11178c3f831188f4cab9546eafc47659
SHA256 aff322fba9e60c10c2d44e5517ce7c3c9a5a9e91824c6114bd83c141ee7fcf3b
SHA512 9480eae3ebf8bd6a77df64ba457f26e50b73e77b9e18ad03a022d19bf0ffb82bf39f9967607d85aa1f0c61634b88febe551548c1606c6bd6fca86c918e7758e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 40fea44a37ab6e70035859e9e4f255e4
SHA1 062a28e838afd4e4836afe5ab8231adb841da3dc
SHA256 d5cec162b3927de5fe8ff0b1e6d1c6284e17d3b5345e1e7ce4fb46ed1fe297d0
SHA512 d678a3d9561c425463b25ba5eafb5a19e85c0fed8c032f55cd4b80a5219008eeb6ef1ab0dfc8d67e1554d5e66e817cb1438ccb4ad775a0a9a90f1c622181e3d7

Analysis: behavioral11

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:50

Platform

android-x64-20240624-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:50

Platform

android-x64-20240624-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:50

Platform

android-x86-arm-20240624-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 21:21

Platform

win7-20240903-en

Max time kernel

1563s

Max time network

1570s

Command Line

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Virus\Mabezat\Mabezat.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Virus\Mabezat\Mabezat.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Virus\Mabezat\Mabezat.exe"

Network

N/A

Files

memory/1260-1-0x0000000001000000-0x0000000001026000-memory.dmp

memory/1260-0-0x0000000001000000-0x0000000001026000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:49

Platform

android-x64-20240624-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:50

Platform

win10v2004-20241007-en

Max time kernel

25s

Max time network

32s

Command Line

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\mrsmajor\\Launcher.vbs\"" C:\Windows\System32\wscript.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\System32\wscript.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1" C:\Windows\System32\wscript.exe N/A

Disables Task Manager via registry modification

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Windows\system32\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Windows\System32\wscript.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\mrsmajor\DreS_X.bat C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\mrsmajorlauncher.vbs C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\CPUUsage.vbs C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\default.txt C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\def_resource\f11.mp4 C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\Launcher.vbs C:\Windows\system32\wscript.exe N/A
File opened for modification C:\Program Files\mrsmajor\CPUUsage.vbs C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\def_resource\creepysound.mp3 C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\Icon_resource\SkullIco.ico C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\def_resource\@Tile@@.jpg C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\def_resource\Skullcur.cur C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\Doll_patch.xml C:\Windows\System32\wscript.exe N/A
File created C:\Program Files\mrsmajor\WinLogon.bat C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\MrsMjrGui.exe C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\MrsMjrGuiLauncher.bat C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\reStart.vbs C:\Windows\system32\wscript.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll C:\Windows\system32\svchost.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\System32\wscript.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\unregmp2.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\Cursors C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" C:\Windows\System32\wscript.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "232" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{9B3CCF70-1E19-4811-A6BB-A41C4AB35AE7} C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\shutdown.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\shutdown.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 112 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe C:\Windows\system32\wscript.exe
PID 112 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe C:\Windows\system32\wscript.exe
PID 1456 wrote to memory of 2792 N/A C:\Windows\system32\wscript.exe C:\Windows\System32\notepad.exe
PID 1456 wrote to memory of 2792 N/A C:\Windows\system32\wscript.exe C:\Windows\System32\notepad.exe
PID 1456 wrote to memory of 1760 N/A C:\Windows\system32\wscript.exe C:\Windows\System32\wscript.exe
PID 1456 wrote to memory of 1760 N/A C:\Windows\system32\wscript.exe C:\Windows\System32\wscript.exe
PID 1760 wrote to memory of 4128 N/A C:\Windows\System32\wscript.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PID 1760 wrote to memory of 4128 N/A C:\Windows\System32\wscript.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PID 1760 wrote to memory of 4128 N/A C:\Windows\System32\wscript.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PID 4128 wrote to memory of 3984 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 4128 wrote to memory of 3984 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 4128 wrote to memory of 3984 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 3984 wrote to memory of 3764 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 3984 wrote to memory of 3764 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 1760 wrote to memory of 2060 N/A C:\Windows\System32\wscript.exe C:\Windows\System32\shutdown.exe
PID 1760 wrote to memory of 2060 N/A C:\Windows\System32\wscript.exe C:\Windows\System32\shutdown.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system C:\Windows\System32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\System32\wscript.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\C2B5.vbs

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" "C:\Program files\mrsmajor\mrsmajorlauncher.vbs" RunAsAdministrator

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2d0 0x51c

C:\Windows\System32\shutdown.exe

"C:\Windows\System32\shutdown.exe" -r -t 03

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa38d3055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\C2B5.vbs

MD5 5706bc5d518069a3b2be5e6fac51b12f
SHA1 d7361f3623ecf05e63bb97cc9da8d5c50401575c
SHA256 8a74eead47657582c84209eb4cdba545404d9c67dd288c605515a86e06de0aad
SHA512 fb68727db0365ab10c5b0d5e5e1d44b95aa38806e33b0af3280abcefae83f30eb8252653e158ac941320f3b38507649cce41898c8511223ee8642339cfece047

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\CPUUsage.vbs

MD5 0e4c01bf30b13c953f8f76db4a7e857d
SHA1 b8ddbc05adcf890b55d82a9f00922376c1a22696
SHA256 28e69e90466034ce392e84db2bde3ad43ad556d12609e3860f92016641b2a738
SHA512 5e66e2793e7bc88066b8df3dccb554351287dea18207e280b69d7798ecd5cdc99bd4c126c3e394db9f45f54bb561e6688f928de4f638c5eca4f101dc2cea54a1

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\default.txt

MD5 30cfd8bb946a7e889090fb148ea6f501
SHA1 c49dbc93f0f17ff65faf3b313562c655ef3f9753
SHA256 e1ebbd3abfcaddf7d6960708f3ccd8eda64c944723f0905ff76551c692b94210
SHA512 8e7d98e6d0c05d199114d2d6ab8da886aed68de690c4d79643868eaf051c229fff94c88d937adb3da5e31fe48116613cf79dd00dda30f296746ce0a8aded9fe2

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\def_resource\@Tile@@.jpg

MD5 3e21bcf0d1e7f39d8b8ec2c940489ca2
SHA1 fa6879a984d70241557bb0abb849f175ace2fd78
SHA256 064f135fcc026a574552f42901b51052345f4b0f122edd7acd5f2dcc023160a5
SHA512 5577e20f76d6b1cccc513392532a09bdc6dcd3a8a177b8035dc5d7eb082e0093436068f92059e301c5987e6122c4d9aff3e5ae9cc94ccc1ecc9951e2785b0922

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\def_resource\Skullcur.cur

MD5 cea57c3a54a04118f1db9db8b38ea17a
SHA1 112d0f8913ff205776b975f54639c5c34ce43987
SHA256 d2b6db8b28112da51e34972dec513278a56783d24b8b5408f11997e9e67d422b
SHA512 561860907fa2f53c7853094299758232a70c0cd22c6df3534abd094c6970f28792c6c334a33b129d661a46930d90fd8c98f11cb34f3e277cf20a355b792f64f0

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\def_resource\f11.mp4

MD5 17042b9e5fc04a571311cd484f17b9eb
SHA1 585d91c69c3f9e3d2e8cb8cf984871d89cc4adbb
SHA256 a9b0f1f849e0b41924f5e80b0c4948e63fc4b4f335bbdf0f997b03a3aff55424
SHA512 709076c6cef8dd61701c93e1fe331d2b1a218498b833db10ee4d2be0816e3444aeebfa092ab1bd10322617cf3385414e8fdb76fd90f25b44ac24d38937b4d47f

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\def_resource\creepysound.mp3

MD5 4a9b1d8a8fe8a75c81ddba3e411ddc5d
SHA1 e40cb1ee4490f6d7520902e12222446a8efbf9a8
SHA256 79e9a3611494b5ffafaa79788ba7e11dd218e3800c40b56684ccc0c33ab64eac
SHA512 e7a28acb04ca33d57efe0474bb67d6d4b8ceff9198198b81574c76c835d5df05d113fc468f4a4434580b1b58189f38184c376976604dc05d1424af1721995601

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\DreS_X.bat

MD5 ba81d7fa0662e8ee3780c5becc355a14
SHA1 0bd3d86116f431a43d02894337af084caf2b4de1
SHA256 2590879a8cd745dbbe7ad66a548f31375ccfb0f8090d56b5e4bd5909573ac816
SHA512 0b768995187f988dc15d055f9689cee3ab3908d10b05a625b40d9757c101e067bbd6067ccbcf1951ebb683f5259eec562802ea6161d59475ce86cf6bc7c957f2

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\Icon_resource\SkullIco.ico

MD5 c7bf05d7cb3535f7485606cf5b5987fe
SHA1 9d480d6f1e3f17d5018c1d2f4ae257ae983f0bb5
SHA256 4c1cfbe274f993941ac5fa512c376b6d7344800fb8be08cc6344e6c16a418311
SHA512 d30952a75d94dd64b7bd253ed72810690f3550f2262cfaaef45854fc8334f6201a8cbafb9b175c6435f7ce0499567f2fa8667b4b0046bfb651bf61eb4278e6c8

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\Launcher.vbs

MD5 b5a1c9ae4c2ae863ac3f6a019f556a22
SHA1 9ae506e04b4b7394796d5c5640b8ba9eba71a4a6
SHA256 6f0bb8cc239af15c9215867d6225c8ff344052aaa0deeb3452dbf463b8c46529
SHA512 a644c48562e38190720fb55a6c6e7d5ccfab60f362236fe7d63caebdc01758f17196d123fb37bd11f7e247ce8ab21812165b27496d3bd6ca5e2c5efefab8fb03

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\reStart.vbs

MD5 0851e8d791f618daa5b72d40e0c8e32b
SHA1 80bea0443dc4cc508e846fefdb9de6c44ad8ff91
SHA256 2cbd8bc239c5cfc3ef02f8472d867dff61e5aed9fde8a3823cda28cc37d77722
SHA512 57a9d1d75dbbab842060b29f01958f7e6b27d0175ff9a3f7b97e423c1b4e3fae94547a569c2e5c88224fc5dcc785f5a1d49c61199a8c7b3afeb4fc520600df40

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\MrsMjrGuiLauncher.bat

MD5 c7146f88f4184c6ee5dcf7a62846aa23
SHA1 215adb85d81cc4130154e73a2ab76c6e0f6f2ff3
SHA256 47e6c9f62ffc41fbc555f8644ad099a96573c8c023797127f78b1a952ca1b963
SHA512 3b30fa1334b88af3e3382813d316104e3698173bb159c20ff3468cf3494ecfbbc32a9ae78b4919ecd47c05d506435af4a7ccee0576c0d0018a81fbd1b2dfcf10

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\MrsMjrGui.exe

MD5 450f49426b4519ecaac8cd04814c03a4
SHA1 063ee81f46d56544a5c217ffab69ee949eaa6f45
SHA256 087fca40e079746b9c1dfaf777d3994c0321ea8f69d08238cdfc02fb109add1d
SHA512 0cae15d863120f4edc6b6dabfe2f0f3d2e028057025d7d5ffe615cde8144f29bdaf099850e91e101e95d13f8a83cb1410a06172dda25a5f92967abcbc8453cbc

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\mrsmajorlauncher.vbs

MD5 e3fdf285b14fb588f674ebfc2134200c
SHA1 30fba2298b6e1fade4b5f9c8c80f7f1ea07de811
SHA256 4d3aa3ecd16a6ba46a9d6c0bdacdcd9dce70d93585941a94e544696e3e6f7d92
SHA512 9b0bfbb07c77d9e9979a6c0f88b0a93010133f7dd3cf01e1de5dfbe812a5ed920e916d16d6a32fe21b9ee4b5425e61a616ded1aeeb35a410d4f77c0f9392ed0a

C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\WinLogon.bat

MD5 870bce376c1b71365390a9e9aefb9a33
SHA1 176fdbdb8e5795fb5fddc81b2b4e1d9677779786
SHA256 2798dad008f62aace1841edfb43146147a9cade388c419c96da788fcaa2f76bc
SHA512 f17c9898f81387daf42c9b858f507889919474ac2a17f96fc6d4606be94327e0b941b23a3ccc3f4af92b8abc0522e94745616da0564cdef1c3f20ee17ee31f53

C:\Users\Admin\Desktop\MRS MAJOR WANTS TO MEET YOU 1.txt

MD5 e20f623b1d5a781f86b51347260d68a5
SHA1 7e06a43ba81d27b017eb1d5dcc62124a9579f96e
SHA256 afeebe824fc4a955a673d3d8569a0b49dfbc43c6cc1d4e3d66d9855c28a7a179
SHA512 2e74cccdd158ce1ffde84573d43e44ec6e488d00282a661700906ba1966ad90968a16c405a9640b9d33db03b33753733c9b7078844b0f6ac3af3de0c3c044c0b

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 5433eab10c6b5c6d55b7cbd302426a39
SHA1 c5b1604b3350dab290d081eecd5389a895c58de5
SHA256 23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131
SHA512 207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

MD5 90be2701c8112bebc6bd58a7de19846e
SHA1 a95be407036982392e2e684fb9ff6602ecad6f1e
SHA256 644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf
SHA512 d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 42d2a73c6ed9ee1d31d3e65b7e090cd7
SHA1 7cde2be7e46a595fc90beb911659604cac5e7857
SHA256 8135d3ccd09d1aecbb7f341186753195a4e74ccfda403e29b455eb8d18ccfc2e
SHA512 843ecadde6c5b46fba9def8ea567b691b01f851d65fe9625d7f5dbce7e18e38038086c87387d8b0909a5aa3cc4ebddd71133eb63c2988e03a455e427c3cfcb2c

C:\Users\Admin\AppData\Local\Temp\wmsetup.log

MD5 832b024f796f2ac7689cdb8c61e90697
SHA1 ab66378a7c4a5b134318cb17bb308faf76fe01fa
SHA256 3cbdbd0ca9a89f007c5fecaf90e9b9c05aa55dc6538e958af39e9181f458b156
SHA512 1d594aac0d041d710d1869ba145fc22af581fe91b03d768ea9b1cc6a26c683bb21a6f65ea828c5dda6903a60d66b1485b7a99fb580d866ae3110e87b8a5fe6a2

memory/4128-142-0x0000000004CF0000-0x0000000004D00000-memory.dmp

memory/4128-144-0x0000000004CF0000-0x0000000004D00000-memory.dmp

memory/4128-145-0x0000000004CF0000-0x0000000004D00000-memory.dmp

memory/4128-143-0x0000000004CF0000-0x0000000004D00000-memory.dmp

memory/4128-146-0x0000000007550000-0x0000000007560000-memory.dmp

memory/4128-147-0x0000000004CF0000-0x0000000004D00000-memory.dmp

memory/4128-148-0x0000000004CF0000-0x0000000004D00000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 3223754da69a4e31b54421f0280d58a2
SHA1 42c06589fecc20c02fed77543777dc501c0d1f94
SHA256 b76b07ab453e519629d826bbe2cb81d7d9df7cd3ff260a77da517b902d46f58c
SHA512 72183c35fda60e308bfd3ff24bee5be1d2fd12410120cdf0ae127fe234a48311c1d4211bf5f013fd585bf8da62a8fc5e998fa6627faf60f43e36c865d576db07

C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

MD5 193d4b7bb696c3d21d1c3d22e3761877
SHA1 82d98c123d7e1133d69d8c1f84f5a154f12f98fe
SHA256 fa16aa9da7abe70fe01abf740f14c97c12f40765c9fba5e542e130ac242c8c53
SHA512 108fb29f05db9491bf0a26e3999264d427b34c04941a3abfa55face3ef5121744fd34038efdac96156eb34e0313918836b1b2e3c15a964b648b7fb2337af47e2

Analysis: behavioral13

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 21:30

Platform

macos-20241106-en

Max time kernel

1796s

Max time network

1805s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe]

/bin/zsh

[/bin/zsh -c /Users/run/The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe]

/Users/run/The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe

[/Users/run/The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.diagnosticd]

/usr/libexec/diagnosticd

[/usr/libexec/diagnosticd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.newsyslog]

/usr/sbin/newsyslog

[/usr/sbin/newsyslog]

Network

Country Destination Domain Proto
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36-courier.push.apple.com udp
US 8.8.8.8:53 43-courier.push.apple.com udp
US 8.8.8.8:53 41-courier.push.apple.com udp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8-courier.push.apple.com udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30-courier.push.apple.com udp
US 8.8.8.8:53 5-courier.push.apple.com udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26-courier.push.apple.com udp
US 8.8.8.8:53 17-courier.push.apple.com udp
US 8.8.8.8:53 47-courier.push.apple.com udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24-courier.push.apple.com udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40-courier.push.apple.com udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19-courier.push.apple.com udp
US 8.8.8.8:53 9-courier.push.apple.com udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23-courier.push.apple.com udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0-courier.push.apple.com udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 3-courier.push.apple.com udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50-courier.push.apple.com udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15-courier.push.apple.com udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27-courier.push.apple.com udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 48-courier.push.apple.com udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16-courier.push.apple.com udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
GB 17.57.146.152:5223 36.courier-push-apple.com.akadns.net tcp
GB 17.57.146.148:5223 36.courier-push-apple.com.akadns.net tcp
GB 17.57.146.151:5223 36.courier-push-apple.com.akadns.net tcp
GB 17.57.146.155:5223 36.courier-push-apple.com.akadns.net tcp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34-courier.push.apple.com udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6-courier.push.apple.com udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:50

Platform

android-x86-arm-20240624-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 21:33

Platform

macos-20241101-en

Max time kernel

1615s

Max time network

1647s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Trojan/MEMZ.exe"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Trojan/MEMZ.exe"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Trojan/MEMZ.exe"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/The-MALWARE-Repo-master/Trojan/MEMZ.exe]

/bin/zsh

[/bin/zsh -c /Users/run/The-MALWARE-Repo-master/Trojan/MEMZ.exe]

/Users/run/The-MALWARE-Repo-master/Trojan/MEMZ.exe

[/Users/run/The-MALWARE-Repo-master/Trojan/MEMZ.exe]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.cloudkeychainproxy3]

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AccountPolicyHelper]

/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper

[/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.diagnosticd]

/usr/libexec/diagnosticd

[/usr/libexec/diagnosticd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.newsyslog]

/usr/sbin/newsyslog

[/usr/sbin/newsyslog]

Network

Country Destination Domain Proto
US 8.8.8.8:53 5-courier.push.apple.com udp
US 8.8.8.8:53 6-courier.push.apple.com udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20-courier.push.apple.com udp
US 8.8.8.8:53 33-courier.push.apple.com udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9-courier.push.apple.com udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0-courier.push.apple.com udp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 30-courier.push.apple.com udp
US 8.8.8.8:53 7-courier.push.apple.com udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 37-courier.push.apple.com udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23-courier.push.apple.com udp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22-courier.push.apple.com udp
US 8.8.8.8:53 21-courier.push.apple.com udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36-courier.push.apple.com udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27-courier.push.apple.com udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16-courier.push.apple.com udp
US 8.8.8.8:53 17-courier.push.apple.com udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49-courier.push.apple.com udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8-courier.push.apple.com udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11-courier.push.apple.com udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 46-courier.push.apple.com udp
US 8.8.8.8:53 24-courier.push.apple.com udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34-courier.push.apple.com udp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp

Files

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Analysis: behavioral10

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:50

Platform

android-x86-arm-20240624-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 21:39

Platform

macos-20241106-en

Max time kernel

1255s

Max time network

1713s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe]

/bin/zsh

[/bin/zsh -c /Users/run/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe]

/Users/run/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe

[/Users/run/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.diagnosticd]

/usr/libexec/diagnosticd

[/usr/libexec/diagnosticd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.newsyslog]

/usr/sbin/newsyslog

[/usr/sbin/newsyslog]

Network

Country Destination Domain Proto
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43-courier.push.apple.com udp
US 8.8.8.8:53 40-courier.push.apple.com udp
US 8.8.8.8:53 50.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gb-courier-4.push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49-courier.push.apple.com udp
US 8.8.8.8:53 30-courier.push.apple.com udp
US 8.8.8.8:53 3-courier.push.apple.com udp
US 8.8.8.8:53 19-courier.push.apple.com udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33-courier.push.apple.com udp
US 8.8.8.8:53 13-courier.push.apple.com udp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20-courier.push.apple.com udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12-courier.push.apple.com udp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47-courier.push.apple.com udp
US 8.8.8.8:53 14.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36-courier.push.apple.com udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48-courier.push.apple.com udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15-courier.push.apple.com udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45-courier.push.apple.com udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 26-courier.push.apple.com udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 8-courier.push.apple.com udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18-courier.push.apple.com udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11-courier.push.apple.com udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34-courier.push.apple.com udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
GB 17.57.146.153:5223 23.courier-push-apple.com.akadns.net tcp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp

Files

/var/db/nsurlstoraged/dafsaData.bin

MD5 64f469698e53d0c828b7f90acd306082
SHA1 bcc041b3849e1b0b4104ffeb46002207eeac54f3
SHA256 d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd
SHA512 a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Analysis: behavioral27

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:51

Platform

android-x64-arm64-20240624-en

Max time network

11s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:49

Platform

android-x86-arm-20240624-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:49

Platform

android-x64-arm64-20240624-en

Max time network

11s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:49

Platform

android-x86-arm-20240624-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:50

Platform

android-x64-20240624-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:50

Platform

android-x64-arm64-20240624-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 21:21

Platform

win10v2004-20241007-en

Max time kernel

1143s

Max time network

1139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Virus\Mabezat\Mabezat.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Virus\Mabezat\Mabezat.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Virus\Mabezat\Mabezat.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Virus\Mabezat\Mabezat.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 182.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp

Files

memory/4556-0-0x0000000001000000-0x0000000001026000-memory.dmp

memory/4556-1-0x0000000001000000-0x0000000001026000-memory.dmp

Analysis: behavioral26

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:51

Platform

android-x64-20240624-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:50

Platform

android-x64-arm64-20240624-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.213.10:443 tcp
GB 216.58.213.10:443 tcp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:50

Platform

android-x86-arm-20240624-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 21:18

Platform

win7-20240903-en

Max time kernel

1344s

Max time network

1808s

Command Line

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe"

Signatures

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\devmgmt.msc C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\System32\devmgmt.msc C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\System32\devmgmt.msc C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\System32\devmgmt.msc C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\System32\devmgmt.msc C:\Windows\system32\mmc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mspaint.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\control.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mspaint.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regedit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mspaint.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regedit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\control.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regedit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\calc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regedit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\calc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mspaint.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regedit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mspaint.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regedit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mspaint.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mspaint.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f03a86e19760794f87285209e450835600000000020000000000106600000001000020000000f7ee76bc342288dfd3138e3173c0dd48bf09d304eec69478cc64fac79bf81136000000000e8000000002000020000000b96b5d4f1adf87230e375cbd6181818eb9e67267747e13a8984d669f8b875315300200007c0a0234e9daa5df231eaa51816ecfe185d71f4c8524031c42678a0739cc3a43c75dde9ad3e620687634b65f93f96295743240eab0c91232f4f7de3d9ca87478cba08071e7890bd69540a0a685a582aad0ad333361e252c82ed1b462f8ec94cda88b9eea3ff0090e41c2cbc7d34bf973f99825ebd3cd309e50d665af20b1f39c9479b14708c44be4a5f72fbb6df29ca5b062a1d929f492e3082f719407a294e680ab46e62ea1c4ba00e65390ff035f227d04d98e8c064cc6fed03488a9693ecee7592726a1d36f27d87366c10d34c9b3d93f34f0ed18236771448f567a1e27c0273427d0c2aa38b6c961996d5c5c3054500c1f6cdae98a40cd6f8d4c6839227e2d402836912cede805a46f727c573c252603ff0a309286a1a289830e4e44c9a2a6eb92ef8ffd7f1a72553f6f2002c294ae469c6545149d56866dd171a6615c3639b9eb78ba5343511908e47b0c261e0bbe8e84a9141bcceaf6102ce1ccba6b291a83c3583d5d978739aa400ecc27fe7eec3d3dcbf8621ffc756ced74514d4df6444988c40deb709561640cc92a216a65a8df029cd4f5f0a30107849067db59a924f3fb3d7e1fb025562a0f6d42bf3a1b1e063661da3b4d5d7bda5d467d1659225ecdd733ab5a1873164989bef0453dd63b0b4ee879816aaf7a9205ad20aa69546d4ae7a8f9e890284c9896a1d7d8d006bda9a875e32dc07df6feea59f7977ef29b79d891c2cc513fa2207d4fde1f0b66bf1bf87f4e2eb92e477d5c37c5c646fbb3c7ab5676e34ab741a2de504e2194db40000000b220f7ba81040e49ac26484a82a707ef6c2ca9ae8fe8b5d9d76fbb3d1d3e560efdbcfe8a147fb6ede6135dccb7436e0f96725a47cd1d3c822e50d13871831bcb C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f03a86e19760794f87285209e4508356000000000200000000001066000000010000200000003101ca30e8d1fcb4083d85246aa50a995cf3a0f6377e18e125c56ea6c5cb1e5f000000000e80000000020000200000000fc7c7be049fd276571103003531bddfa69916541a03a4c423fde2fe4d799f2a90010000841511d12cb77c8c2784c5793e0002482b6ad78fda23406acf08dc8d1a29e6a8b8ba918794f467b9e41d98898e1fa985ef0305e76bbdcef3c0d4399ff21f7ce01c0f49bab683f26a95aa7805fbf0b46a4ae5f5330ef4214f95a3d1372edacf69286cceb748e345b2d149a7a585bb923f7fc238b530c4056ef5bf96ebce3aa71713ebf4312c34139ed7b662008fffd25ebdc766f54a81fa5a9aac166326b018cd105259b44bf9b269c93428647633d79771d1ed079aaa9d91ee733bb7a50e1a19902b87f4aa6ce843324af96d881d40b8d420af44a079d396d0225a2406a51d3651803ecf7128edcf9a5cfbea0cfcb99333d91c378c567567e41fa043cbf381277f44e22761a5340d010cc481a07d7b686730752d3dc6b7e956b6f959883b81f68fcbb460847fabe1835bd306e8bbb9a6865e04256278a6fc7b80c8597177148800de61aebb19839302adbf871c3f9a06ffb9ee52ae17598613ff9fdc71eabe805436d40a206ba8857c5a1905075813cf7c6ef1ece285bef0ace43c325ccd5c3b4cee07ac02e7fbc2c0493c35346093a440000000943b7f866d25e0d062c3fdd3464f282ba1101c2d977a5c9c7661beaa03a799094163c1d83d54e7cf1bf86b272154b363958473d3a7046103fbfd1bb5b7229f7a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C89FFF78-BA5F-11EF-BB31-7694D31B45CA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f03a86e19760794f87285209e450835600000000020000000000106600000001000020000000fd761ebceac2e67a1d68629d38346a4ec6920ac5667e8ae340ab21438d1f870d000000000e8000000002000020000000f7c82c345aa8fcd317ace473b5dd7acf0a755bc3171f5f021c482d943014d81b30020000ade525b0954a99f05246a54ecd98c2468e872b99d5c22a2bcf0d4516f70f678eb5312f45b1ac48760098abeca15446a0a5b61c5d71577d8571baf37c4c0c144cade41addb2a6d16a7bc125c595c131986befe178be68c951f19d7b7603b5f705fb9b60404e9c172bf15ea180ae92b4c428359d07d1f377fd014b0d417ebc4822b65c9e7adeb84d6378068a86bbe61bcbc3ba03dbc9313f00d1b3b4a9e99908909fe60f9ae08328e2d101357dda88bb5adc7c7ee59af26a173bb559a3a2440836cdd1dc8c64ee5d3c9ffde1a1baa524b1bff43b148a29e4e180fc8c36b19822c7f6b60c406508e717fb319b06be471f7c4a89d0cb3b55c978c8e1dff581e701ff5655d5c0c430ae7d696331904a7b79177c8a80b033e3167e38a83f86a1c91d87e7d0a95681267981399ce16d1efbdacdabad4068a0aabe4e859c1de9c55e07c57cd9b2c5f72ddcb64906887fc3d3a542b69eb7e20ebbcbaaf1d0c1312ee5108cda9dffa24c5e10914707b1d04594a67a572b7d9d327a46e3165539a10337c914c2cc1474c156919e85ddb47086bd24569840d9523feba6335f2d0ee52c89776e300e07c2bd62b155b786b0da40ba35c2c4a80b34459934d7eb77936537903b7221a51a954a4f286cd783e9772843eca6616baf345a37039b4633f979c3bb47d2cd4746c98ab52e4fb523c34b06394b3211ee9aca92fff2f02a13430418762f1768d8e054a70f94a646e5a58fef0d1f4cfbc5f68b6bb41af5d23ec377429cf1743e55a2757936826cd13b138ed827c5bb400000001e67b7db4933ae799f0956f4b9886f8e1c45da94c6f63aea6497251605386064034ef9b74495805da61d8c889f3755c89fa7a031c61b91bc929f4b13c7469ebf C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2512 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 2512 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
PID 3044 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 3044 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 3044 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 3044 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 3044 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3044 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3044 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3044 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2900 wrote to memory of 2652 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 2652 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 2652 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 2652 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 2460 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 2460 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 2460 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 2460 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 1240 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 1240 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 1240 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 1240 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3044 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\cmd.exe
PID 3044 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\cmd.exe
PID 3044 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\cmd.exe
PID 3044 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\cmd.exe
PID 2900 wrote to memory of 1324 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 1324 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 1324 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 1324 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 940 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 940 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 940 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 940 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3044 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\regedit.exe
PID 3044 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\regedit.exe
PID 3044 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\regedit.exe
PID 3044 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe C:\Windows\SysWOW64\regedit.exe
PID 2900 wrote to memory of 1488 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 1488 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 1488 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2900 wrote to memory of 1488 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe"

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://pcoptimizerpro.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275473 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:209940 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:799775 /prefetch:2

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x54c

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:603185 /prefetch:2

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:603206 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:472149 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:1455160 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:1258607 /prefetch:2

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:2307143 /prefetch:2

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:3093603 /prefetch:2

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:1848418 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:2110557 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:3290260 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:2045070 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:2372770 /prefetch:2

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://play.clubpenguin.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:1258498 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:2372611 /prefetch:2

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:2372644 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:2372645 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:2765839 /prefetch:2

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:2765842 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:5780485 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:5256203 /prefetch:2

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=batch+virus+download

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+2+buy+weed

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6640 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:9824 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+download+memz

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:11372 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=bonzi+buddy+download+free

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6164 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3876 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=the+memz+are+real

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:12568 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 pcoptimizerpro.com udp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:443 pcoptimizerpro.com tcp
US 8.8.8.8:53 www.pcoptimizerpro.com udp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 www.jqueryscript.net udp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 172.67.75.171:443 www.jqueryscript.net tcp
US 172.67.75.171:443 www.jqueryscript.net tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 cdn.jquery.app udp
US 104.21.66.214:443 cdn.jquery.app tcp
US 104.21.66.214:443 cdn.jquery.app tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 static.hotjar.com udp
FR 142.250.179.67:80 o.pki.goog tcp
NL 18.239.94.85:443 static.hotjar.com tcp
NL 18.239.94.85:443 static.hotjar.com tcp
NL 18.239.94.85:443 static.hotjar.com tcp
NL 18.239.94.85:443 static.hotjar.com tcp
NL 18.239.94.85:443 static.hotjar.com tcp
NL 18.239.94.85:443 static.hotjar.com tcp
NL 18.239.94.85:443 static.hotjar.com tcp
NL 18.239.94.85:443 static.hotjar.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
IE 13.74.129.1:443 c.clarity.ms tcp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 google.co.ck udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
US 2.21.72.73:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 184.25.193.234:80 www.microsoft.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 172.67.75.171:443 www.jqueryscript.net tcp
US 172.67.75.171:443 www.jqueryscript.net tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 static.hotjar.com udp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 18.239.94.85:443 static.hotjar.com tcp
NL 18.239.94.85:443 static.hotjar.com tcp
NL 18.239.94.85:443 static.hotjar.com tcp
NL 18.239.94.85:443 static.hotjar.com tcp
NL 18.239.94.85:443 static.hotjar.com tcp
NL 18.239.94.85:443 static.hotjar.com tcp
NL 18.239.94.85:443 static.hotjar.com tcp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
NL 18.239.94.85:443 static.hotjar.com tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
IE 13.74.129.1:443 c.clarity.ms tcp
IE 13.74.129.1:443 c.clarity.ms tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 play.clubpenguin.com udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 answers.microsoft.com udp
US 13.107.246.64:80 answers.microsoft.com tcp
US 13.107.246.64:80 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 answers-afd.microsoft.com udp
US 8.8.8.8:53 cdn-dynmedia-1.microsoft.com udp
GB 184.25.193.234:443 www.microsoft.com tcp
GB 184.25.193.234:443 www.microsoft.com tcp
GB 95.100.104.22:443 cdn-dynmedia-1.microsoft.com tcp
GB 95.100.104.22:443 cdn-dynmedia-1.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 consentdeliveryfd.azurefd.net udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 mem.gfx.ms udp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
GB 184.25.193.234:443 www.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
GB 184.25.193.234:443 www.microsoft.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 aadcdn.msauth.net udp
IE 20.190.159.73:443 login.microsoftonline.com tcp
US 13.107.246.64:80 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 answers-afd.microsoft.com udp
US 8.8.8.8:53 consentdeliveryfd.azurefd.net udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 mem.gfx.ms udp
RO 2.20.118.102:443 www.microsoft.com tcp
RO 2.20.118.102:443 www.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
RO 2.20.118.102:443 www.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
RO 2.20.118.102:443 www.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 8.8.8.8:53 google.co.ck udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 softonic.com udp
US 151.101.193.91:80 softonic.com tcp
US 151.101.193.91:80 softonic.com tcp
US 151.101.193.91:443 softonic.com tcp
US 151.101.193.91:443 softonic.com tcp
US 151.101.193.91:443 softonic.com tcp
US 151.101.193.91:443 softonic.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 8.8.8.8:53 www.jqueryscript.net udp
US 172.67.75.171:443 www.jqueryscript.net tcp
US 172.67.75.171:443 www.jqueryscript.net tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 static.hotjar.com udp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
NL 18.239.94.35:443 static.hotjar.com tcp
NL 18.239.94.35:443 static.hotjar.com tcp
NL 18.239.94.35:443 static.hotjar.com tcp
NL 18.239.94.35:443 static.hotjar.com tcp
NL 18.239.94.35:443 static.hotjar.com tcp
NL 18.239.94.35:443 static.hotjar.com tcp
NL 18.239.94.35:443 static.hotjar.com tcp
NL 18.239.94.35:443 static.hotjar.com tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
IE 13.74.129.1:443 c.clarity.ms tcp
IE 13.74.129.1:443 c.clarity.ms tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 answers-afd.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 cdn-dynmedia-1.microsoft.com udp
US 8.8.8.8:53 consentdeliveryfd.azurefd.net udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 mem.gfx.ms udp
US 13.107.246.64:80 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
RO 2.20.118.102:443 www.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
RO 2.20.118.102:443 www.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
RO 2.20.118.102:443 www.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
RO 2.20.118.102:443 www.microsoft.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 google.co.ck udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 50.63.8.124:443 pcoptimizerpro.com tcp
US 50.63.8.124:443 pcoptimizerpro.com tcp
US 172.67.75.171:443 www.jqueryscript.net tcp
US 172.67.75.171:443 www.jqueryscript.net tcp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 static.hotjar.com udp
NL 18.239.94.113:443 static.hotjar.com tcp
NL 18.239.94.113:443 static.hotjar.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
NL 18.239.94.113:443 static.hotjar.com tcp
NL 18.239.94.113:443 static.hotjar.com tcp
NL 18.239.94.113:443 static.hotjar.com tcp
NL 18.239.94.113:443 static.hotjar.com tcp
NL 18.239.94.113:443 static.hotjar.com tcp
NL 18.239.94.113:443 static.hotjar.com tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
IE 13.74.129.1:443 c.clarity.ms tcp
IE 13.74.129.1:443 c.clarity.ms tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 softonic.com udp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 cdn-dynmedia-1.microsoft.com udp
US 8.8.8.8:53 answers-afd.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 consentdeliveryfd.azurefd.net udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:80 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 mem.gfx.ms udp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
FR 2.22.57.219:443 www.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
FR 2.22.57.219:443 www.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
FR 2.22.57.219:443 www.microsoft.com tcp
FR 2.22.57.219:443 www.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 8.8.8.8:53 google.co.ck udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 151.101.129.91:443 softonic.com tcp
US 8.8.8.8:53 answers.microsoft.com udp
US 13.107.246.64:80 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
FR 2.22.57.219:443 www.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
FR 2.22.57.219:443 www.microsoft.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 2.22.57.219:443 www.microsoft.com tcp
FR 2.22.57.219:443 www.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 13.107.246.64:80 answers.microsoft.com tcp
US 8.8.8.8:53 answers-afd.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 cdn-dynmedia-1.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 consentdeliveryfd.azurefd.net udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 mem.gfx.ms udp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
FR 2.22.57.219:443 www.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
FR 2.22.57.219:443 www.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
FR 2.22.57.219:443 www.microsoft.com tcp
FR 2.22.57.219:443 www.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 50.63.8.124:443 pcoptimizerpro.com tcp
US 50.63.8.124:443 pcoptimizerpro.com tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
US 50.63.8.124:443 pcoptimizerpro.com tcp
US 50.63.8.124:443 pcoptimizerpro.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 www.jqueryscript.net udp
US 8.8.8.8:53 www.clarity.ms udp
US 104.26.4.155:443 www.jqueryscript.net tcp
US 104.26.4.155:443 www.jqueryscript.net tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 static.hotjar.com udp
NL 18.239.94.121:443 static.hotjar.com tcp
NL 18.239.94.121:443 static.hotjar.com tcp
NL 18.239.94.121:443 static.hotjar.com tcp
NL 18.239.94.121:443 static.hotjar.com tcp
NL 18.239.94.121:443 static.hotjar.com tcp
NL 18.239.94.121:443 static.hotjar.com tcp
NL 18.239.94.121:443 static.hotjar.com tcp
NL 18.239.94.121:443 static.hotjar.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 104.26.4.155:443 www.jqueryscript.net tcp
US 104.26.4.155:443 www.jqueryscript.net tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
IE 13.74.129.1:443 c.clarity.ms tcp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
IE 13.74.129.1:443 c.clarity.ms tcp
NL 18.239.94.121:443 static.hotjar.com tcp
NL 18.239.94.121:443 static.hotjar.com tcp
NL 18.239.94.121:443 static.hotjar.com tcp
NL 18.239.94.121:443 static.hotjar.com tcp
NL 18.239.94.121:443 static.hotjar.com tcp
NL 18.239.94.121:443 static.hotjar.com tcp
NL 18.239.94.121:443 static.hotjar.com tcp
NL 18.239.94.121:443 static.hotjar.com tcp
IE 13.74.129.1:443 c.clarity.ms tcp
IE 13.74.129.1:443 c.clarity.ms tcp
IE 13.74.129.1:443 c.clarity.ms tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 google.co.ck udp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
US 8.8.8.8:53 answers.microsoft.com udp
US 13.107.246.64:80 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
FR 2.22.57.219:443 www.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
FR 2.22.57.219:443 www.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
FR 2.22.57.219:443 www.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
FR 2.22.57.219:443 www.microsoft.com tcp
US 13.107.246.64:443 answers.microsoft.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 50.63.8.124:443 pcoptimizerpro.com tcp
US 50.63.8.124:443 pcoptimizerpro.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 www.jqueryscript.net udp
US 104.26.4.155:443 www.jqueryscript.net tcp
US 104.26.4.155:443 www.jqueryscript.net tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 static.hotjar.com udp
DE 18.66.102.106:443 static.hotjar.com tcp
DE 18.66.102.106:443 static.hotjar.com tcp
DE 18.66.102.106:443 static.hotjar.com tcp
DE 18.66.102.106:443 static.hotjar.com tcp
DE 18.66.102.106:443 static.hotjar.com tcp
DE 18.66.102.106:443 static.hotjar.com tcp
DE 18.66.102.106:443 static.hotjar.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
DE 18.66.102.106:443 static.hotjar.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 google.co.ck udp
IE 13.74.129.1:443 c.clarity.ms tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
US 8.8.8.8:53 play.clubpenguin.com udp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.196:80 google.co.ck tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp

Files

C:\note.txt

MD5 afa6955439b8d516721231029fb9ca1b
SHA1 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA256 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA512 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

C:\Users\Admin\AppData\Local\Temp\CabB933.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarB965.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bl977i7\imagestore.dat

MD5 bd97e3457583f0484e88751447b71419
SHA1 5b9619fac9c7a559786e665cb19f7a962cda3d74
SHA256 d885b3cbbcabcb8b5aac2ec859b3a9bbba4fb71c83917fe792d6a58360732893
SHA512 af597cb33d10e50c5ce077fdbe045a184653f2bd7967b16ddd62608a0b21ecef50046e1bd2fab201e8067be8094a87ab173ebd932094b6c11c4b8cd0cc21027f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\PCOP[1].ico

MD5 6303f12d8874cff180eecf8f113f75e9
SHA1 f68c3b96b039a05a77657a76f4330482877dc047
SHA256 cd2756b9a2e47b55a7e8e6b6ab2ca63392ed8b6ff400b8d2c99d061b9a4a615e
SHA512 6c0c234b9249ed2d755faf2d568c88e6f3db3665df59f4817684b78aaa03edaf1adc72a589d7168e0d706ddf4db2d6e69c6b25a317648bdedf5b1b4ab2ab92c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1816747ee3ff93a04ce7764229d3d323
SHA1 0dcb1036c3cd581212e9a9dcc1923c3976ed2b84
SHA256 40e4434a367b689f1ae47d60c2f34b4e4358edfabdfda79c966f5f656e7ba0fc
SHA512 fb6fc305c5043bbe4a9356c0592f4404318473c957560699dc877b32c3e4c502b107768fb694cfedb0e80d289a3af113c268ef77933f35f4f26e2c0379e29fce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa626f463355727970b532198603ccbe
SHA1 28ffc2afe2a21d17c36b5f9beae0e14c25c25242
SHA256 2d641654172f9f7bf21857547612349d19e93fa931a0af4907995523da784594
SHA512 6e28f8a3af83526cfa50b8af776db91c9e7beb5ad5826001f727e392384b3db04817ca27ecec93b8adeaad5f905de963ee4ebcce2f02d91acf003a9583b51502

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf65fe696ca46eb0f074502bf8c7aa6f
SHA1 df251b57f5285709df709a4a985a4999e66d2a2b
SHA256 b97a6e6c303d6caed64a14b8539cbfbbb1a6ae6db5506d6e607d858ecee7cc86
SHA512 d45c215a6cb22feaebaed0a0bc5d6ed25a44d5182d9d4ef44f80d151028e3a083c501fd370eca40af7e58cfd7f9fa1de488765efc892bc0238c1fcb48f923e6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9235ea244ca232b013bf3701445d982
SHA1 0d95c1b992e89876e5f0e1605c9f88592b98c127
SHA256 9b7eb2e6500953b4abd6ee87abb41b12320c2faf8f30d1e0904344eba3134d38
SHA512 fa1586afd37ce46b8eff98f070502def27d9ff5fafdecef8311c72e4dd92cca4cfc6ad43fca5b5b2d53107aaaba757c86300da1c22e955cf154ba8128b68b293

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 344f35338f1e20a46ba33dc45bf76a12
SHA1 f6bfb8cb4db6c4540769d848b91198288cb5946c
SHA256 79348c096f16b946878d37d1189522b4b9c315e194aa6071cc372f1ba5e2cdee
SHA512 303db86fd0ad2f143533081f6d0b6409884017e48e5bbb86e8128e2a8254bc4e07489dd1c866430c5a05ac85b53773c466f53c7b194e43ca4177e6b084e0bc75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a73e7cd849f41d8b1c87d1b221069bca
SHA1 719376b521e18e3ead34515be20143a307336c0f
SHA256 49a53b781a7b1f2d8a54210cd965fd736e2a74356d2c99018cbe86d5e15e1714
SHA512 ebb56c5267120028cd218ad6babf3c7c36d321c42f89f14b7750b3a7baa2bf6d1f3e762aa6542c24a40664a6317a6dcb5c70de68c5e28f84d728a42b22fd0763

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbb1a9739b047677c1074d8586a3c2aa
SHA1 d42cfc26c03c7565a67ab7ec5fe10e7d49748e09
SHA256 84ed676717250e6279c188b55d59b24a6fb8bd5913ebb1c3231f5a03eb2517d2
SHA512 c5a52c1bfff9709c4cb8c835b072c273014705cdbf919c198a390afc103da38be0e390280f1fc2461c3e54e348c2b6f52464ad3cfc7da9dcb60dcb57346b9ac3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c9c45df006c03743b05e9c08a3b6c07
SHA1 354451c03b9776efb46bf8173e248d3ac33998d1
SHA256 ab6f52f9159fa387bda1b3824519e2d7b51cbb82b3655aa9c50f2844fe20b933
SHA512 b4b92d6174a310c8855e84a0c01ea9cf61f3122442d4d75f303d29eab41ae8201e2bf9fa85827b13ffbbd6e2eeda8a507f05fa23e43d4d416564773da69234f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d48a10b730264c004f2b33fa6b8017e0
SHA1 2f7a46efaeaed2b6f03b07621771be74413bd4a0
SHA256 ef24c4e0207a2b51e5f951c9510109fd8f054178fe0cd1857d46610b0551c999
SHA512 8c994a5775d05021ebaf2631095ae46ddd353800134e4422c7c0274b46ab314c2d4d3974e064b1011b2fa976f74c5c3def592465d691cf1dc4faf39a83d63794

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a226bee92784b5ba900872992b18c553
SHA1 080a6a4a8d10ca2b450ab1c23473841f2d1e560a
SHA256 6ad02884de782a1ed23d5e1acdb498c44a164475c761951f20dc9a85aed096d5
SHA512 da53d9922837f154010600eb104fc4148841fcd5fcb41b65e66cbda158bb1ae293cb4d8e3d99317490ad456b961492f93c7f11e426e2b7b6a8dca9dbe93ccc21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4c19de1862e1a611b8ea42ece3c3b09
SHA1 51026b9081cc98afd06428eec4c9d1843accf939
SHA256 beb9efe1d813397cbabcdf048ecfd7e6f97a3079fdbb52b44acfccca9575d19a
SHA512 f2341641da1de6b59517d82cd62402414ecee4556982fc4d31e71fd6e8bf54726d08c24a6cf6d3541448718e1bf21cebb1b0f867588ee017c154da51bdf634b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7472e857e37637bb437020f5f551d98
SHA1 350d901e2ac6acee1ff834f36e1ae3ddf7b433fe
SHA256 e1e3d7e88aaafa7d15a20b12c668988c2b9293a9a1cd9bf1833ceb884489867a
SHA512 ad8989c38b4abc77ca7367cb8f94c33f157d0de8968904bbeab3eead08af564ade9af5cc160a19ffdf9c0ae0755fdce6f987f62c14a0a20ff8920382aef85f17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7ecbaea265ae867fd0f5fad12d9b18f
SHA1 23d85c443475e5a6008daa5d21077dbf3ed30489
SHA256 6bdc5c41288da54ac3e32a23985d4b11eb0e37f81dcb5f14bf216b2598d9e758
SHA512 89ccd1b4413be96d1b22fb85ad5a6d84e5de17602cd2dfe166be716649c29855ed772accd3eeffd6069d561a20ed104ca24399c0c6dfb842f039db03dd46007f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fc2c7706613e3cf73d23a92e1148574
SHA1 ff24608cdfffd2e3bb8acb787cf56851d250a705
SHA256 0a30bbbb701e49062383f346199576a686a6e3bac2f35c1f67719ed2dd612a33
SHA512 2f58fe43d720c366c5bf52d27580a93e14a8b733b7f9bbb46a2b44fbe14ec9ac5755f13a5c25d952be0bbf6e0843d2e3cbf1fff4d167d67fbd2e7e8d317de9a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e74b71bfb9f5c36c12d606fa0045a8ed
SHA1 3c85d1f3fc3f4c69b72e232e5de8fe66f2ea4d5c
SHA256 4c9e204e0135f150af3f65cc1c5f9a15300051b69bad6eafdabef4692172e474
SHA512 72a0fa68ba68e1bf92dc4f512918e906babe71d60f45a9e85e7086cdc610fb357766794f071585c2bbf0d89f8d6861ed223a17fe7ae2dd0499ecb537e38fcd15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c73fcb27138e5d66c3bb641564ebb5a1
SHA1 2966ad71e70180e95ea0206114ba7ea29084fa4e
SHA256 0785ae70cc62e8b1b139951e47e6f2a7cb01b3255f4fc20b3c3cb611af756485
SHA512 1803d2b2d0e70004d2fd211c89931b287fe61366227b641e2f23069d82dbf74bc3ff1a70ebc8a6ee73fe5f4d82be8bb2f25bfc06ce4962648fc3b8b9a302d314

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afa4bab81ae3df3c19dc9bd7ce38d42b
SHA1 5051585e9a76b940f18b9bd601274282650bfc7a
SHA256 90cd1915c7becabba5f69161f6c1493ca46607d3477b53a4cdec7313491322bc
SHA512 18eeb29e60f2508c5232c865c37dba32a76dd88b81f6a3bcf304ec82ed5a719c42a00d6d6d3acd75ac5175568a47d1b5831ee449ec201014919cd81460f889ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b928b98e74a24197ac11e490802f7af
SHA1 e9a0b9a9d2821733541aeec29114f5b6d2a192e0
SHA256 4a25595078ce532c0ddebaefdcf082a21f8b5ace6d48858a3f821b0c6e6cd802
SHA512 eea56ccec8e7b5f569d6b6b3334c774b0501196f212175ff57d9fc3cf659502d82e198c462341fb0c476c90354de5687bea7cd2d31e1952c157798ad7a6a451b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb4ff1f8379a958bc941dc9b07e4de44
SHA1 654c387df7a631e8b3b2c2c34dc191bd7ab8f23e
SHA256 7c41861d309ff083ad9fa257cb33e78dea86148388ad8b505050e49912ec3f2d
SHA512 533c3377c955b4569f81d5a16f7b937de66d05b225e97ac5354917eb597bda926492574f0e5ba3ccbd5382755af8c1c8cced1c52e320c28d6d655413dfb011e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3522cde218bf29c5c239c78c9366c18
SHA1 a8b6c47ba9d740f7716cf084d68b6afe82991384
SHA256 bb8abc25b05ce13e9279805f72c841ff227f01e1dc02c7cef910b82e0179f054
SHA512 762d6c653faf0de420471adc0b3013db335007fae8973a0f5087cce0e7ce0158a7527d5db1e5cf5400bfeb093e4fcad23c932b54a1cf1989d4c40ce3fb2717f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 c53229196ca27aaab6a229c4fa5d4e89
SHA1 9d228331b0806674208ca285baa4aaf035f836fe
SHA256 a3ff43d34d5874b629fe37ff89d156c86e98ea752df67170960a3507bf92f41a
SHA512 1d3f3fbb37cef7820a5b7353a8e1b56dd415bf2240d4db863b110babe3fa93c7cb320b998b320d697a801900fd59561a7f6ea7b5172084af49ff4a9bff4b5b2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 ca56af0c04c5f9db4fa4f692c26459f4
SHA1 ea7091b3fb90a0e5d87aa60fe77f5ad427fdee9b
SHA256 a4055c5ba8d83623c48da8ad1b14d9d41451e3fcf7fecf11a1b0287229ec018a
SHA512 5c280f885a90c1f1a65748dffde7b99cf238b9ef0014e19629211f1d4652c2207e03030421827d04f6281b84c275a9df701c63b84882c70205860b0be54ef4e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 1b4061c90fd7112651afff281ec490ce
SHA1 e1cb33a9a2ba367b9a85da0c3e86957146ef41b1
SHA256 15d9f03f96cf007c5f88e3c16d7715888812efcccdf8695843abcef67bc48b6f
SHA512 aef779c2c27bbf651adf4408cd675efc7c336d926f083131a0bc2257f717dc4de37d8d2031dbe6d6c9844f150eb578851087e5cccd0c6d3ca891457dda660065

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 021e6ec99f1352ed06df4bd92811c33e
SHA1 aaebf5f77da6931ceaf01f1e0c554ce1eb9e5e94
SHA256 84ad2231ede19f312f24c013bd6d9d788c9ed30388209eb58e5a880a6f2e5b9c
SHA512 4ef7e8269260bfa3e74c0b885bd9b3dca5e542d477ace509fdd590e9709037d6611820fc2b9517159071b28e58077174bd4f74446b3393fb1b2a6d82ec7e96e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_8DDCD35A24056C64C2C0E96C78DE15C1

MD5 f0d461be2383de00b0278a7baa6678ce
SHA1 85d3f600981db6ddb79afd2aa924e3619bad62c3
SHA256 9d077d460df3070f1b9be4bcbc8ecc1c739387fd3bb46e15590ec2933fe022f8
SHA512 ff07434a099aba78b4c0c48f0ae24295ef5c6404831697e9522d0a35ae3389cbe798a7ef8950e8f1ba9e9231f20e01d0ad2dc9e9dc5cb4ea55d8b9f8d8dff1d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_8DDCD35A24056C64C2C0E96C78DE15C1

MD5 6fbcd16a5863e21baaf23f9dd68e0f69
SHA1 1b4fc8cf8afcdba820ed539a4c232c40de97d9c6
SHA256 7eb39b61971902495855611ca190c457ffd59824c1b6af366a178a2acf843ee4
SHA512 1c20e5541c1c986398bee5184572c6c69b409b60c69f2ac8653243187dbeafd8acb7743e52af69b8f418ea40cd983aeffc0142332bbd4578b175c3755d8c450c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bl977i7\imagestore.dat

MD5 ee012a2e6af63fdce523204f45a35685
SHA1 24089fc905c0c111a330305f1a825673a3622253
SHA256 10e20dc1b472d7f95e6a5a357aa7abbf7a1d2142676eddec1d3fe33d9d5388df
SHA512 7807e42ffcb5861b2b9c598dfe1dbe79301e42dff2072cffe64721e2ecfe4f000af2da68557ab0a826e45924311a44a54f5129b3e63828cdd6d854fc8fd38895

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\recaptcha__en[1].js

MD5 81697e6cdd98e37117d7bddcecf07576
SHA1 0ea9efeb29efc158cd175bb05b72c8516dbaa965
SHA256 73dd640564004ec8730e7f3433b9dfaa6876ac3a27e6964a17834f07f6d56116
SHA512 fc29d4a1fd39a7c78b7f57b221596acee9b805a133ce2d6ff4bc497a7b3584ab10e3d4ffde30c86884f1abeac7d521598ebda6e0b01fc92525986c98250fa3f8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\styles__ltr[1].css

MD5 c8bc74b65a8a31d4c7af2526b0c75a62
SHA1 dd1524ca86eb241b31724a9614285a2845880604
SHA256 3b457e0acfb1d231461936c78086c9ea63de3397cbb019c4fe0182a645d67717
SHA512 4d7214ac44475cb4d9d848d71caee30a3872cab3957fbb26a0aca13db1933cda1e9799938ba1460581483123dd6f81c3193bbc80989cba7e555f308c212841ae

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FE874RFS.txt

MD5 31fe3067188b6b2ec315832eba0e4bc2
SHA1 f73c3d93e0b6626e0bcf0148d41d1858cbf76481
SHA256 9c6f954d2f6064f927ec1fd1d4649d00f5a6cb9e7a8e040a14be07d7f18b41aa
SHA512 1100585d5ded144c2cbd0e1106586cd6c49f8cea93137d567a12ca604df831afd9b4d60d085daa8fe821caaf606895a6cbd739265b1dafa24d9e6bdaad76ec72

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\api[1].js

MD5 9a7730f4a9a8ea6aeb1a51493b19c248
SHA1 8e1bddd7332f16b21514442022da22c56a009596
SHA256 19dc0943a446be7f0d9d6e08ec9541c1c9996840d43b1e9aae42da4174184a09
SHA512 c2c7830ebbfeda0107b6ff4e9aaa8916ff17ba9c0a3a1337d840e4ed6e47e987048717372b4605715e8ba94fca156421e40e78890473392597fbe98e5c0ecd26

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_9486133ABF2044576703FBB79B3D8117

MD5 391e29c4f12d6149a1903dc188fbd002
SHA1 44a729f767d675b6369170493e141dafb7dd8d6c
SHA256 85a728ea3b1985e1ecc6290234d70f1d0f225e6cc35538354788c274d9f8392a
SHA512 8fe10992ce610928177447113e36f0c07e1d496b5a41dda664304120d8a18126aea42ecbd4d9f9802956f35ebb52c79e6fef5fae7d9ac64f9957b312fc947a4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_9486133ABF2044576703FBB79B3D8117

MD5 22222512256381d408664a119a36bfd1
SHA1 0e5548a659907b7f1dd3bc46b4158cb0c43188c0
SHA256 7055aa453a3d151db506706c915f33ceb4e6f6635d581fef34e05cfeba64f6b0
SHA512 d63e4bcebf35cd42047668579ca674a3b580481b2717d1f83fdea773117e2326f5929dd25089259426bc71278a96feeb3826179d691feeffc962e75912e33502

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a30c6173df9e30fb40f7efda57208ab
SHA1 3233202966b26477cde9d9e2aa995e71389a9cbf
SHA256 79776c8ceaa8fbf499049ae49274c819a4971969da97966c43708bcb94a25cbe
SHA512 bebc29bb711898ac69ffc1fb29f19d8623affb8ec3b8f5575d9bfb2cd92344d42180274edbe34149f0876d6f77461b757c11a24a87c746afecced322cb40bbf5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\KFOmCnqEu92Fr1Mu4mxP[1].ttf

MD5 372d0cc3288fe8e97df49742baefce90
SHA1 754d9eaa4a009c42e8d6d40c632a1dad6d44ec21
SHA256 466989fd178ca6ed13641893b7003e5d6ec36e42c2a816dee71f87b775ea097f
SHA512 8447bc59795b16877974cd77c52729f6ff08a1e741f68ff445c087ecc09c8c4822b83e8907d156a00be81cb2c0259081926e758c12b3aea023ac574e4a6c9885

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\fRwAWOYR0sZ_DK6a62ksuqjc33yP5zywIS6rjn3kgRU[1].js

MD5 4b6daa0bcff92925cd864ebe7ff35ae5
SHA1 a31735731b1bb2cea0b4c0d72380396424a0d4bc
SHA256 7d1c0058e611d2c67f0cae9aeb692cbaa8dcdf7c8fe73cb0212eab8e7de48115
SHA512 fe36c45c25fc48510a722be53d4aa4eec956629eac88d8cdc1c18f8ad425c510e2a74cd1ddfaeedd230868de00d466918bb6710747e4afccd09735caf9002633

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf

MD5 4d99b85fa964307056c1410f78f51439
SHA1 f8e30a1a61011f1ee42435d7e18ba7e21d4ee894
SHA256 01027695832f4a3850663c9e798eb03eadfd1462d0b76e7c5ac6465d2d77dbd0
SHA512 13d93544b16453fe9ac9fc025c3d4320c1c83a2eca4cd01132ce5c68b12e150bc7d96341f10cbaa2777526cf72b2ca0cd64458b3df1875a184bbb907c5e3d731

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf

MD5 4d88404f733741eaacfda2e318840a98
SHA1 49e0f3d32666ac36205f84ac7457030ca0a9d95f
SHA256 b464107219af95400af44c949574d9617de760e100712d4dec8f51a76c50dda1
SHA512 2e5d3280d5f7e70ca3ea29e7c01f47feb57fe93fc55fd0ea63641e99e5d699bb4b1f1f686da25c91ba4f64833f9946070f7546558cbd68249b0d853949ff85c5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EG5O84FS\www.google[1].xml

MD5 13f0c7d0d203636cb5b2723a2f67cbb7
SHA1 c248b3914309c9e1f4a65740d964023d135a4c42
SHA256 f9ff1e9afc1df30b4cf0f649cc3bfb15c6354a47d998e75aee8b7e17789b8e40
SHA512 1bc8c449931b7f1e105ab0c89d6f0967d1ccc9d825788cd30baad23f5aa3308057beda53ef1a6a4e40c96223a3f1d99f6962029709ec6a052b3be4ea22f43828

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\webworker[1].js

MD5 f56bc8f23c3b3a667e0f3096f87dd792
SHA1 9c064bf7e19a1da889286cf59e260c3e7c61bb5a
SHA256 0474c582af94690bca87dce1b9dc2c42d26c4aa831bc03a1e11ee1a169b211e4
SHA512 3200cf8a5c4622369f1b0bcb0b35ca875f41bfaa7399dcdfc33cc690c921e978d9b3baabef615d34b7d599d4131d40e374d1914f493cef70f59cf90c772e60a2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\logo_48[1].png

MD5 ef9941290c50cd3866e2ba6b793f010d
SHA1 4736508c795667dcea21f8d864233031223b7832
SHA256 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
SHA512 a0c69c70117c5713caf8b12f3b6e8bbb9cdaf72768e5db9db5831a3c37541b87613c6b020dd2f9b8760064a8c7337f175e7234bfe776eee5e3588dc5662419d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 87afa49d1ba0e9652b817f2684ce37d1
SHA1 13ae7f6e6522e77aa06e28a70ea1201910cf2d0f
SHA256 38c3fb5508e7c08ab9d0337ce10baa4a38b5a171504cdd4083bd0b6daa5d3e73
SHA512 afb3d3258e9c89775c52454d91192fbb059d25749b40370fd6a1ebd9110a113f4b790e98bb1a24d0bcf1b8f0c4add67f1b287885c7185a00252fa0bc3b0f41e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b5572957869f39b61e2d55968849551
SHA1 aed3c0a656a6df54f747c8f84efb7be84a4e5ca3
SHA256 c73c1ff267e67b01a5027e21dba41a1b5c562faa12b5a40059eab6e528c4a2fe
SHA512 b491f54d58bff5a0bc18e007e84e957e46423ba6b75837371210d440741f2f720386b43d1f075a3e1d3d6cb47118f0be40a446de8ea3c75fb26e4eb01cef930b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a97e8029ef4a50e4fd1c1faa0a0ca214
SHA1 354cbf850603278742ab1245a506e88ecc855b2f
SHA256 6fa95012803d6746955900cd00e3b4b73c30cdb135928e769cc08f28ce2dfbba
SHA512 05811b9761611cf55174b7dcb5861ea70398e0373a6a7a30b46dc1b93a01111b44d228545f6a940649cb67fba7b29993fec273ace3fe367a609a49753354fbff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56f0151ebbbc1fe1a7219b5fdf46abdd
SHA1 c79f2c8a19572bf5edb877ae733c25848c094c7f
SHA256 e17e93efd6a895474614c2b827c9a374d3655a460e3abfb00c042717287c3905
SHA512 235140a602a46adea7fd07667e209f4ee7cbe0c23f6fadae83b1700b52e1715358abbb44efbb6eae5cc7a8b1be6ee8295b6c1cb3c65cd07798da1a936bf24fa6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e9979e49d049d8ca82ae740c49bf434
SHA1 ea106dba6b67f2bbf2fd15c4c9607c60f832cdf7
SHA256 65864371661436ece7f62c097d34dc75d9b0363d82f15f4eb88a88080c1d6d75
SHA512 33d0a07085fd818db222b19e49f3feaa09a3fa3cd2666666e903268e128df759e813e9ed359b476463bf61426b1a3cf0ea61257e4c87b4d32e9ecb621410c30b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 965b0a0240447cbffad4b548b9cfc62a
SHA1 905ab32a75ec5c5787e093e03534add71abb00f0
SHA256 93582e7662d6d8304a2209940da2b2918baf51b4d7f9b5c9e19f423f1504cd8b
SHA512 fe7c7b71e74430931ba2225f8b08efd3432f9e890c119f149cc930b35392aec948796f1bb095bc81067f6344af1bbc17a93f30502f0df31c5e104604c4142123

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6567f534426de56bdeabf806b300515a
SHA1 ae6880df4754ff24ac57cf64575d148f31da22c4
SHA256 c2c8edfcef596201fe3263d5caf63fb210a41b28592ca7b46af548c51f4e120f
SHA512 655133b0639ec15569a3bfcad69aad099884f7367e948a5cd05129f3bb25842eb28b8cf03adf4178b37ea8216c1fd3af256dcc0fb6d1868d9fd7f6d81ab2d00f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 eb6f61b77b406324e33d1645321bc013
SHA1 252b8defbf1a6d66bffdc3349548343b18ec8fac
SHA256 f5f629a0da27cfded5b37b3199791ef476a4f902246690636d2f6732ecfd25f6
SHA512 0ac98c8d2b54904bcc781a9d495968257af368322c9bc78429c7cdc65eadb914599a4f71dde748bde20644922d8d3f0cfcffd84bbc73261bd7178bdef2291ce7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f39316e0a7e11d6226f1ff26f308dd9
SHA1 adb8719f23174576e7ec037b741ef1fc9471370a
SHA256 2f4fe3ba7235c7c5c4dc69f050f9bea22f65b9bd719c1bb41f32ffb1581e4472
SHA512 65834966810d694bcf26aa24f82347a427b186d47fd04cdc019a52f56576313dee9202598394afcd49d7b7343914ce56cab2f504e3313e677c3bb3da80db2fdf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa051251d556ef737fd8fa7ccbb30674
SHA1 d0f429a630e5eba3ce379dffc4f13108c3f83e5b
SHA256 4b4a55bbdde36838c35be4ce030163074da5c438cf954fbe4e827530b1454512
SHA512 4e63fa96323407481cad8f199cbabe2d500dc0eda5da5f74bee388a672e25dabc8272c35f1126507866e4ff5e6d33317d1fb4bd58be591bc73299742ef8725f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3625e45962f8b85609246f3094f525b
SHA1 7b224832a4989c3acfa4f427df7a4bfb92957a28
SHA256 11a219e4c7cdf23f84643b74328c8152fa6819ef7cb285dfd62ba3627982dbb8
SHA512 d9c740dbb4aa8447abe81ba171d9d83268d6444afd7302c17b723399402ee0e8c1bb31b04e5fc60e4805648c8184015592689425ba5b09c89e253ba25c96b963

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8HJ09YAS.txt

MD5 78183d314be3ccbfeb11ad5485a1b720
SHA1 a76600dd90e371caeda0eb579c821ede540943f8
SHA256 021a1d193a8e1bc5802a1d28a5e63dd702e78f6adcf4856fe0677f10241e9c93
SHA512 607d8b90377f99597136905735cb2bee107b77e5c4ec0c703a03bab59a3cdbff46eb70473deb142afff5ecfa45faf9afb9e7239f76c2114d282124c0d6d1ae39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a67d499b884030ef77a77a8fd390e43
SHA1 95dfef37c72f6be1f91e33632ffed5024463d789
SHA256 87a1ae7c8ba67c9e7af07a903645b990c38fd4cf5e31753c8e68516362565dc1
SHA512 52e51c7bc1859da228277ceb55d85fbeea4e1fb146c8cc262b00e255ef805f69e28eb93f7b16db348f09ca52228fb24b69377a412277595ce271b934207c8b0b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MZL4ROHO.txt

MD5 839a448c22769b51a6742f6c7aec89c4
SHA1 65d8c3d18de4e639e77b74bcfb9391f7d3d71913
SHA256 461dec09e7d27cf67f967d62d3736957961092b4f289d8c422d3331c3913a0c5
SHA512 c9442920d70732f6d0fb3c020ccac8e06ec0250b090aa8956ffea4312e35dc36ce7bc4ca6b2d7aa03ab8ef125cad72871cb79d9069de73929ebdc7dafe6427ea

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0FEAHD5H.txt

MD5 09fb5138beb9e6a8d201e3dded54ba7b
SHA1 dc14c77942031e74eda8e731e283d2b6d6490544
SHA256 e72db2f879858af0b7e5485c228795db538b20ece34dcc07f1b55fa788db565b
SHA512 def10425d206b8f5232204dca55c087d2e5ca4de3938e2ab156d105ffb4d0ffd4704160a5c7cb070722f3f94ccebc1cc25ee670d9a8b18a0a4b2459ac975b7f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d527a584c4eb01347b6c5cfa096ddfc
SHA1 e6e63fb67d4a65ce94d952a239066af3af50290c
SHA256 27187ae090d609e4ee1549e0d1bb847c41cfdf2ae4cd66edb18af0315336a568
SHA512 d0549658f45e4e9c1ec2701f13b0db7c28abffdd87b86f34229a73de0fe594ec47e741f2374f3402c95cba27f90981f17cbc407118b507b7dc98f0ebc99b654b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3HDZCTCI.txt

MD5 3c0138b5987e122a112c1437fbfcd853
SHA1 4828980be258bc942dde4cc2bc04f9ae99ecc8df
SHA256 34bdd7f6c21547da43f3ba4483214459233340d55721c5ccc7925a61b9351ab8
SHA512 a497d641495828320aaa94f81658c0de5d692185286f1169ebf98e4f88fe9e1fb79b113c7eef54a42aa1019a6622863347c04feb2c849c83c5f2e859cc9796ef

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6YS0V0D3.txt

MD5 f2f0cb98c065bd744287ff7eea3b6f23
SHA1 bf97f5012feafd5ea2dfe8c306e6e5415fc56da6
SHA256 323040c3b8ef86420c644449fee6634133ed955bb4e81d60dfaf12ee854ddc27
SHA512 351b5bce4cd7eb8beaf36a38650bd716a503908e778e2b8a137ec47ea54e5b4cba80dc40ff176e75c555837682ef75ab5fa387c9ea4e8d9f73e5dbba3731bf63

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\7UJULIKL.htm

MD5 2eeb2e0202b1bf9daf39ac6eb1466b42
SHA1 26abaa251ff391b4311c5cfa927be41b09ced5d3
SHA256 66f963290dda5adc89f8ce4e16676df4540d5b8f600e0fecf86e03a4fcfc1c02
SHA512 101659d11d34d4d38aeeb181917a7ab7630dd6909699a018166a9cbbb4346eeb9801c75c57fb67b63f330bd363b7367ba99ab604bdd9f097127474207b871e16

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\2T67XIG1.htm

MD5 66ba9e8ba75d034ab558f011343daeff
SHA1 cce6fc75648a2ca8b9946d622b38439616018f5d
SHA256 cf35f8fbd832369b5c7275166857aed17be301a035381e9b5cc4d44cd1f5e943
SHA512 53f182eb4ce1c4726851c92d04a0b37e34b8aad41470a64ae27b31bbee00cce6631ba6efae747a9c9a48e6e51afe3f506812417621795821c5f52b03943b2755

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SWN1KF6R.txt

MD5 c29b5949f124245cc101364311dc79cc
SHA1 b7bf9b412d31de40366166226da466179d4daa37
SHA256 606e914f9674778c018844dbb1048aeb81fe0524257e1fc8de41c9909163c677
SHA512 c5c689628e9e76711000ca3375e42ba77a286060826ea4cac8aacc1f7542860b672471f19263aa81a2ec6a61a5927ae400577382139ea68a8833ba73ccd9a14e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_34D61B4A2A4AE0D3DDAB879224BCA77B

MD5 4e5198edc1114fc41567672f1eb0719b
SHA1 450530bcb843564f26fe247c6526e0f8e63ff9cd
SHA256 6fe0f102bffe3498d720f63cb17836ef5ca00ad3567c1222b2d22cadd08dad9a
SHA512 6ef1ad07080c7a5f0511c33aac0419fd6c325d0a506241b90df22b69ea7e6fe493c3697b189c91a0c940da019bbfd746ded30695c46fa30b51fffb8abb15f5f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_34D61B4A2A4AE0D3DDAB879224BCA77B

MD5 51b6394ef99f249606317d8df090f521
SHA1 6ccbe0f1a52a0a01c4f0e644fc3ec1aaf79f1fd9
SHA256 cb39415a40f833db9d39b1eaf4a78dabac82a00816c375c03173be8644facb59
SHA512 92eb7b33846193f843beac7a929eb0f41e4bc8b3e395220fb277b0776e852d9c39a30f94e2644247ba3b3e569370f1f492f96a0cfc1ef78fa1ea6e6a1afead1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 05660d30398f29747b6f81d2f48d320e
SHA1 479506a4c651f0d55c54511e61cf2bb9e8cacc69
SHA256 8e5a9012253a5f2cc1ae9f849efb23916e22c53acf7bad2974986930667ffbf9
SHA512 d745e8fc809b3f8da240634f7c27a9e07fc6258eee088058ffa7b6bb23e9532055317e362e9eec770aaf6c969fc709fec6f92250e52c422a907589dbe6f036ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 ad401ae4ec69d7950df75b2fc5d761c5
SHA1 c90a08146b70d6ba363cc118d3f4f1fa77fd2e3c
SHA256 ec2d529177a96aa7fea76edf07d35069ab99081d2af7a231e25b40ba56d59287
SHA512 368115521e21e2cb9e3bd6f6b5eb2e311cffdcfa419d4d3eac757e829e215fd9e0a94f667cd7e1ddb249a1ae30525849a6abad28aca44d38b1e81d4b7150c294

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\PCPRO[1].css

MD5 88b7c6da19faa99cae52c46212cf078d
SHA1 37d7811fb05436cc0976fab9c6cbad9de3e218a0
SHA256 3a82c01b2096f24a9a8c6761994f00f3302ff4c0f0ec2c77bd440ff821afbc7e
SHA512 1055ab6f36668a8589ae94eb30a38a21b07889423e9a58fb5f8a05542bba0c365ff32d50e1c68ee46b0b012da180eddd6bd15b6f518318943e9d16767bc37fa5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\bootstrap.min[1].css

MD5 0d9ad1c31f08421ab3e17bddeec2f0f5
SHA1 56b081079b6a00fd3ac7c7fae826f1e54edf92bf
SHA256 6971181fcbd5975a75b1b9062f5ea652faccbca4bbb995f7f3351697471383d6
SHA512 ad4b6badea519c2120744254926d151804b6ef3a2cf7a8a0ab34c2517a547687e76c9a769043042440f6f7954202b7c09c4a4d1e44ab17d0f27e97bfdcfc7147

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\marquee[1].js

MD5 5f597d4d1b993365c8c9c97e6c7d352d
SHA1 2612a4c82b38bbeebac3f39f4e65562ca42afe71
SHA256 11d0527ff372454bb4f6cb9170e93c245df8cdd10ab335b29a0d05b206e8f456
SHA512 4de5e8d43a813c5894c54ffd88003389de64d003d2d47bdf105d0c31167bf69d83b32c37d15345f4449c7054daa58a94e8a1f6ee14a4832190da7ea76714e2da

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\style[1].css

MD5 6a899616d18af91f7707109eafcb19d3
SHA1 3179b45780ed7dacc49d9fc09b079d6a893e0bcf
SHA256 478cb919a1614c86930cdf7e7607e713ea721a488fbb0b150f5ced5a67fbf40a
SHA512 103319b3ef9180a224689f4650c431fe4cc3b6989925938317cd49c9a6d720ffdba639ea1e67a7a9bc96a24e4e8c134b7d480ec934f2f03365219f68521020e5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\faq[1].js

MD5 506aeb1f4147e9da132cf745d8e9c258
SHA1 7702bc8743e96dab589de1fb5276acb46aed522d
SHA256 4de550096ce0b95effa7331fa701efc6261af28e9c3754c33938ca9bbb459948
SHA512 d559a5f619960640b2e51e8a8a93b6a3501a443343d0c0507eedbf352e8a33726fc10b04955f74c55647b1c48fafad0509e728099d7aa8f17a64a8286b1b16f9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\supportlicense[1].js

MD5 cd2ff195838e035c52599c44fc9e4150
SHA1 a82a4f5cefe7e20ba0d293f72788d33a428d78b9
SHA256 247c79b820e0c6f172ec56a6a0eda7953e2860d165f8778e53de5d7c711e3c30
SHA512 2b5efc35e987b4c734134e4486ac26414e29bbd7457715eabefc9c14bd103ac2e9289f2fe47403a28af6d6eb1c869d145341eb55eaf13f417a9c30c26a690d16

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\nav[1].css

MD5 ad2ac2d4755aaab6399dc0349f32aa25
SHA1 4b229c4bcac17ed349dfbc1078802ff22060ed76
SHA256 c4a13e3575326f5c953906dcd15a903f2a72ff419d53f6aa1c6630e07a588396
SHA512 61fef9a206084dc367b3b9a813038312fc500339234a435a6bc1450067ac3fbbd66893224e3cd2ea5a1930721bb0f3b241467dbcdda08f0463f19074917fcdeb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\style[2].css

MD5 b832028d72c7e305874fd0a1f75baf23
SHA1 760a6210f41a85954566a374c7925b6a11c8b583
SHA256 dcf4e93734389f59e6fd8f10a68686e06ed0638ec1dc444d42da8dd85afbc852
SHA512 7fcf85b1aaa934b17fcb58bfbbcb93f037af2a6f2fa74ba56bc4726c4626423963704738730793b883e9b16893fc4c55da2220583fc1d789d713e208f31a4e35

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\owl.carousel[1].css

MD5 d49fbfc6c0444e7c67b2ee7ae284a293
SHA1 986a35e93e719dd08b35c8c8762626ceb495418a
SHA256 c9430ccc20d8d58e10dbcaba36ae11739cf20190424b6f55c0d8cf90241658f6
SHA512 a447a04166c8c9ac037e46646ddd4d686a4a8554f6ffecd71d2bb9e43c5a2e80f3207b73b67b09594a5850a22435ebdf01b9cfa570f6008b163a0d8d7c28575a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\tabcontent[1].js

MD5 f1645e882491b8e9b66b6704c290358f
SHA1 800bdf76515c5a3d7a87079fd2c018b30c1e5ed8
SHA256 4bf48103b3886ec0f395b1085b9fd27cdbb7eeb3ab272b4269ffe91bbe6c9a77
SHA512 1dc0572dd4092d8857dabe1b000c4baabe7d5bccf58af4a09948740a0140ae3b380f97be53d08f2f15a6b74bee5d920bb35dc726c2bb30aa12996c601e2cad5f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\tab[1].css

MD5 e7ea0df6e57d25b257c9ce904589f0d3
SHA1 57d7d657bac6d17897bd114f2db77736e6228e0d
SHA256 7b9764da2d8c28d3b0432ed0ffd11101ef20e3be7356ae4a6b1e58a3967e430d
SHA512 e718017f623d246c0302d3ab9adcd2e7c0c1d578ca8b2b26ac9e766133fff9f95a4f3dc2b3b35d521da4d534a40f2650170178346f7e1d5fba733fed0857c7ed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\media[1].css

MD5 cf7ebf08c98702246680452eeccc93b2
SHA1 c88799ca63168f8d953f419a28ca7eb486808f43
SHA256 590741b58751d5333a29b1bfe948c3269a27f85424f7c7bf0e86337c87a80a96
SHA512 2d5ed86ff065494f24f4f5123e69a9ebb4a4aa075525fadf2fe834106bf39a1fea7e458efb34371a3131e4dc9fc56f56816ffd616536944a00fb653c70e10792

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\pcop_seal[1].png

MD5 50e7c652cf5d57d97906cc8c89cccec8
SHA1 b44c48b98c90686ac69762412e87099693cfe308
SHA256 17fdc0f29e08e58b3157887e3d01f54eb089ceb07ee1f11e7c23b8aaf24d17f0
SHA512 5b9f0ed5d62b92b85a56b3d3636f5b3f2b00b7c0ad1a29a7a8a15a9d41ffc09230c71631d50a8912884e64b6aecabfd88a41eb0eba41a7590a6979cf71ec4668

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\System%20_Info[1].png

MD5 13d8a66fef5c774577a32778f9d33cf9
SHA1 1d406f9c51f713c0be6fe68ef31a7e256ff1e12e
SHA256 9395b91b62ab3ff85c2ee3b3db051be72cb940c5fd60c362a1f47e2b2aa2b559
SHA512 519d91af222cdf2cf62bd39df7970180dcc1db671e6d452c0423445fe17bfbc0d581d086332745a101ca798701557728244d5ca910a5f47a6215f6b0c481480e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\Manage_Startup[1].png

MD5 a6e0eed134db9a750e8e7f1ac4b957d5
SHA1 32cdee5662c47ab0035609061fb0254630491460
SHA256 6d4bc8c8a2026d6f9399ca76321b2d59cd98d3ba14cff6703220e6f46382d52c
SHA512 b34f143f7ebae545d86b056d9adc41515d3f49d0ff8e586abafe8ecd8bdedfb648dbd0dfe688090b855428a7b5779308fbf4e935b74d4788273a6c1b0a915e50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\File%20_Shredder[1].png

MD5 24183aff636a477732e0ab16370c6ff9
SHA1 5a42ea4b92abd9e332a3d8159b446570f64b240c
SHA256 4abd867fbf5615d689b9ad1bcc9859421f94efed4fd22bf4aa9b21cf02551c23
SHA512 bff1e399bbf38ea54f18a7dcd6b736630b1976ce03a9f20654f9ddcc8cccdbd962d010e44467ccd50ee80e15f696630732760977179007c31f4fb2f491ef3da2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\gtm[1].js

MD5 0a65ec7f64fc55a2b2c8bb0857b0e081
SHA1 8ee1562a7c6eb44d178180805cee0150e2cd982b
SHA256 4b7f8d5c58b50229b965cd1cdb8a7615b2edb950d50d8bd12b2396c808860a84
SHA512 1094102df8d928ccf2551212e14086bdef2456264c269307f9997d837cb038bed64f54c450a2fce3db61066ea1c911e82115158c7793fbf05ed922208027f652

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\Universal%20Fixer[1].png

MD5 1cecc023fd9b1e918570f443d2be77a6
SHA1 1d41fe18540214a89ff5e1140e23718e67bd08f7
SHA256 3dd1bbba0c353222046e68f07e08b111e0472784e7c9d3370f9f9f3a69e9dd22
SHA512 106d0517e388f7db39869d1075e6a86749178b601e845b73727f8339ed81b576b1b746eea3ef845af8fe109bf7f760a452a6e9964abaf3fd79b9bf7a06b911c8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\green[1].png

MD5 315310ce750224bc43e8fccce217f308
SHA1 947dfa6db42099f6088d80a6445286162509f7d9
SHA256 090fc99b90442d59e416c1cc268fbba8a57a43f58ffc57ed5b2a65c07207cd9c
SHA512 77657495bd638277455607add35b82af64358992530e1c4f7721f25c551a0d8eb6d817115907062152980d1b6c9e70409209d97166a8bd953bdd916e883e3808

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\pcop-logo[1].png

MD5 45f4d9e7d2e260e8288babc1c6509235
SHA1 00b2ff2b04aeae39c3a1acd010c8814bf9f775e9
SHA256 9e0bba84f77cc947769f33b6a9595f95bca6f04e76b38d3f6be385e6c00837a7
SHA512 f2da98b6c541267dd2847a230aa9bd7589b4fcf8e0cba30aaa0314f92146981ec654506e005b9b5d33bd23b6cea8fca0c6953260943bd1200cdc33cc903550e9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\font-awesome.min[1].css

MD5 0831cba6a670e405168b84aa20798347
SHA1 05ea25bc9b3ac48993e1fee322d3bc94b49a6e22
SHA256 936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
SHA512 655f4a6b01b62de824c29de7025c4b21516e7536ae5ae0690b5d2e11a7cc1d82f449aaebcf903b1bbf645e1e7ee7ec28c50e47339e7d5d7d94663309dfa5a996

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\owl.theme[1].css

MD5 2e1f8dfc574dba3a94e8c10d312e1cde
SHA1 7dd543f439fa9249879a5bffe2fd79a65f3900f1
SHA256 2facc6609906c1a284513bcea372a199e68227d96cd775b7bafd93ec58d7a4a3
SHA512 ebc9d7402cb32d0a8f5e73c0ccda32f44f46d875fb1eac15b61eb51e31c1fbc794ef81ec545afeddcb9a5a10042bdbcb7f8b013b7c9690d5e74e3d7017ed2c15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef2e7675bd976d86c74d6f7a9b951c85
SHA1 14286e1850efdc2512f8f0de7f60104218bb726c
SHA256 94329493d2b1ba51375e4a0a1763ef0b09ac2c8aefb1523de5d6bdf0121ce6cb
SHA512 6354175c70481e6bde63415c5a1ceacb63b2879c3e0542723186f5edb2d49f4d20a1c8a92cfe2d4366264c5b5c0b191d5e1ac87a1af56f39dc06474370f98d47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f99f1651ea8a24018179fc441ccd53e3
SHA1 29e6aa962941f61f91eee5a96a2cd345d66ae1d3
SHA256 36651fe11736663a2af5db3412bd7a0ddb01cedc9d7eb17df1e4107587cff1ae
SHA512 0d063ef3ed4290211c7cc9db889e03a9170d20a16f11d5d678ac51c5c22e36327c35fab71a9160d1b251700e4ec3cbcef4dc237928429176b200ab798a093eaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a9ec516b097644b635f7d6c31f44e4c
SHA1 e623cf0c8f742187da4e1ab40e2e3c774ef9233c
SHA256 9b40c9b13df47dbe856b32ba5f0aa9baf13734fd1d28e7ab5d0d3808308cc746
SHA512 aabbf9d2688f1aec60a87b513699f204d8e50db068cbaef5d4f399dbb67e56ac505c72ecce09bdff99e586892700a24fd34690613e9d4573038adf0ef41c6b68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efd9637e71c996638011b54059f51c29
SHA1 9fe585cad118f0b862d9e288cba834bac350a21b
SHA256 076c6131f906d9bf2ebf1bb0da535586186a1b3e40ec3f7216fe2954043d9398
SHA512 4aa0db1463af4776e749bf52efacc94289eb15331fd5e18026a9a9cf8bf7847687441a7dc077493ce34e7498cab3fac467b814fd606ab74ad947cf58e619fa01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04d7e0ca5ae09edf1c85deebb292a920
SHA1 deaa9a47256372e472300d3b664327b274a64cd1
SHA256 b5c8ab598159f8b65103d52fa36dd758843004bca376acee62b6964f23dc4fa5
SHA512 e6f6fff6de701fc05dd8cef625f86852398aa631f5c1b423fc91eded38faa15c99699919eb82c49f1342fba39c8abef35d5fde41dac1dbbe904f804d46516436

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a152df24d1aa3fd4a57319ae1afd96d
SHA1 a3521aa71c96006e3ce9cc466250fba86e51939c
SHA256 686560733666547f5774527e6cdaa06caa4def57ce4390704595306a54195c1c
SHA512 b6757e6e710c7d2951dbcbf83571bdb2c9b15d12a6c15c54e67319f1c29683b17a445953fc60430734d17d6eedea045017f7e766a3ac2a066f2fdbe248e25b03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f3bf7573426f94c9dc095902a3d016b
SHA1 e11c4825791e4669f5b1cb76877b4a5b8b0f4f00
SHA256 4a44d8071966c283547baae578ade09659d5ef5a3e8ff8e098bcba8ed67c1c16
SHA512 c1bb32f8027198193383cd5b7756e83b00d58564ca7317949070ccc3743f009fc533ac071d2d9620db8c72cd9408ee9eb6573e566d33d7f57cdf453582338d83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60d7fce059310a66a4bf290665627885
SHA1 a531e41c4825b4707d031af7add756ac1c67a4d9
SHA256 9d34b765cbef3c0c952447db98dbe8ca7893ab3e0386324c86ee801b00c1686c
SHA512 42c18f4b6513d84f8773a2bc07d4e0d160a51c6a3b17ac00ff6cf9c5bb16debdfbd8d91b7e257e4ff037f6c3a0761087b207bc83464aaaad314331df7cd1a53c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d149cdd00520945bbe18cd7052102d3
SHA1 641c15354e8b02050beeacab5b0d8eaf99145e14
SHA256 6962859c3edc207658fae96cd9484926056d090320a2587e4956fa62da7bdd85
SHA512 8cd8f1b5b31cef8c24c0e7896cbc0e5e2230489378ffbb4e059f6f8f60c58353d961125bb26b6ecb0d1390230b541ae13810c1f20ec0f312f261513f779876df

C:\Users\Admin\AppData\Local\Temp\~DFB8C3BCC3DDD28712.TMP

MD5 bdd9803d5ed64de9f02e2072a95e5026
SHA1 ec74b54457e12bfd849283f6d692e9fe8a537334
SHA256 6785a86738850e47a302aec0059542216c7d30920ecee2d90b8cc10effade603
SHA512 a3c03f096ad84854a98291445a6d84319149d25572471be2ac49703158712a7ec0f5c7b6124e0610ec76af4b5dd684fabb7e9c1066190f15bb98a7b49d11f08a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0e71fa8e928daf9aa9f229792f85e74
SHA1 9e5017ea1153680d13d9958b3592356cad729d4f
SHA256 310982abc7d3f1deecb8cd6eb53b2f2512829daef942b8c36639319001e51bf8
SHA512 83c01e3b4a1a9f56be517f2f7b961cd24ea40e787ca35d93e77a200e63b022676200bc620409e34cf6b9373654d6a768859ffb4e6e76d6289456e5e0f56367bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8265f828086f751940a398682dc7da3
SHA1 ad2e717bcea8c2ddaab5fc2c56b2002e9fcace8b
SHA256 630681d76255db69aa67d96eb66796bc55f96040383f3769c7dfb75b843d4d9f
SHA512 71f2a1a7e720fcffdcff6f6cb4770363675700695aad4eb40ccb35a9a23969f5c705f494541db94884563b87c6682922a9c7f34494779c2910c6dda9b6ecf69c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ddc950b90e6c7b5a6045d1236f8d6768
SHA1 3a2d339ee1255856550b0d5d336b1e50bc98ef81
SHA256 907066aff98896c910f25ba9b86f482612d26c20d5be66d31d367a0baf183f98
SHA512 77dc414d63d0881c1ca5727d010fec68f3f5a5e7481c47bf5a209152ebdbe2a3d8c0dc26fbc7f1cc3c5d7261db04db21470139ea7956906b00cc939a7725136a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9370658565c4795a43b96d3427e775dc
SHA1 3edb8ee4099a03e61a149a4ca4b44cc58e6d7985
SHA256 08ffdc10b4b9586e68e16f42a03a8fb2bdc60b4b1b5efe566a71de17bc08f068
SHA512 0692955b965fd4753a81f46ee494fd532c9c449a7e5794ecc05d17ac11fa69ed79e8df9ae6405971232e7b2dd38c6df7c753a42870dffc9438145f38faa1f029

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82356a43fcb70f529979efd8ae837201
SHA1 a45f4e61d05546c62e666fcdb5c023a45d9d2394
SHA256 a864b35330a9884b0547318dac8f4d44845deacecc0d0aef36f0707dc686a7fe
SHA512 61b9bba8bae6abf34726539e42cc79f1b37ea48ebb8dfe062307503191399a280be20520a5990cbccd4d30c4ecdf07915ecc6b1e1e4c577b81764dbfc88b42e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d4a0b98ff535182ea85aa101f678927
SHA1 2749ffbbaa3177f2943ea9ac3815d63e884a0fa1
SHA256 cef20e3e522eb75b37f1fd4ef9027bb68a53d17818d1b33e69afffaeaacf196c
SHA512 ec57205a7f0e8fe98dc1be7e0fc8d2f778016c4bcb6a9e0943c5c2262ef53fff27ae8fadce1bcd62f2199785c29300f04bd1061bbf93094624e47b98cece2389

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f66244c9aada5633ad9a9db704cdc74
SHA1 5bbafc22e415bfafabd9f43f6c89c6ed90209839
SHA256 712e3755b4a967822e1b3b9e59df25306ed07a2e7854f58241f466f4ce4f1c78
SHA512 aa048d9711de4ec98c52a41382e631c36c6bf066a6d530ef6511a6957cb3aff03389c9b3fb417a1f6a26b6dac8be76dbe94eb1c3ab9edc9f199628c10c46ed2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0a2e3c94db94243fa9a7b973c0b511f
SHA1 f68a36c179f00315ec27ddbc9e3a79cf757a7cb2
SHA256 53c535c3f0338361223345443f0d87c9b00abe4d6391d31ef462b42c2c71a2b8
SHA512 9f7fcc7f1c9257ebc96020a5c4b32b1ddf9cbfcb00d7e1431cff1641931ed1fd8b4fec07abd6ea770c7d04b49baced9f208ec8c96f40875dd2265fc3188d9cde

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 140b67f538e65ef4cdcd926d901838eb
SHA1 480aa2c404736f3cdf309a60979357db77d8fca8
SHA256 98dddb4f58173faf151b26a23a735e60b21e08df4eb1a3286ee44d90d10e535e
SHA512 a9ef4d392e86f55c52d5869d7b1429cf14b74fe1d91facf84cc8c8fe50a6764d5cc41c33c785f027aa37569100e55f957eee540f33289dbd9b6560261371cb22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b5d0128538ddd68e096a8d3b635bbd3
SHA1 4235d4fcc23a82a7b0a633b593d21488db9ad772
SHA256 310a00291c8e21d30d2c0f8e33362f44312ffb9499a101dcc1bf93f1f0f43ff5
SHA512 791115a4944f8e20f07a7ad3800ff624f544c8212f3dc8964b1d7177a3f5ece32d4950a3455efaa72ca82c950e761bdf8aff76ed0e55b13643fbc914afb4578a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a4ba7b3be0a44cfc0c32ddbc56e0751
SHA1 dc2b8807d03eb0be913ff2320fe19c27c2bfa655
SHA256 0ae162ef4e907a0157cb08a9103f9207956c98d109ec1b53c50ecaf98857cdf8
SHA512 0fa56f6c9fae628b5cfb225915e03ee072c606132832bd2d36f6eed12828cbf400565193847062a5be87ff312f2c16ee4ac1978ebc8f7dd90fd5f6ab5b5771b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7cd3b5dca33450cd89b64b12dc2fa614
SHA1 c8994d772a1ec1da60b7d6057f5f13fd37e741c2
SHA256 d2f03a88f86c0400d4cb24ab4c792817c36b412a52f2885d6d5ec146fcbf26dc
SHA512 8f4e8c7023fbfea211e5d30d7f364ec5c5e45c5f01489e54bf579383af50814c83fa859f0c180a8dbbb3af299565e2a94adbdfb7cef35c7c4405a16c0298cc82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 790daf0dd8677add1a7864a181cdd015
SHA1 41f6e3054a3811ae16d4df4e7c8f94fe0732e546
SHA256 fbf89fc77b0eb6ca37de6ba3f4e16afe6866bf717308bc587210d59d027a179c
SHA512 f462c3d3461f89446715d28aa2b8ee939fc95fe05755b7f60f9366c4231d36c81334a47c987d8d24dc1144aa841bee47d4290d4cd198f1fa3f499ffa46120697

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b2ad74703e44b725277c5adba106b90
SHA1 31300f7726545362653c4cbe0bf66b580316c550
SHA256 f7ac16eca430f69b73f7f2bd8ae522ae943c6962b651c95e2e4414b750a5b14c
SHA512 f00a8d5d1cba64e01d27526f3c4c38cd58b21f928c793a3f40d637dfe14a21f508d960d2a30a10abca6aedd8ddd1838d294c256cc3a0980bfc12641038547950

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd2bfb94ec4fb76b59ca6c13465053ca
SHA1 86bb40bb010ac969c16984215e1ae0fb1a000a45
SHA256 f818afac10bf5cc8838bb063f010cc42c87b56dd60ecbe56d68786c39cbac524
SHA512 2ff6a7749d81ba62ff9b6abb03c34a674688a5ab2ca547e096827935ae29e38a75ec480a496d4a804a8c4f3f16c748a86ed14f3c054d8355ea0990d7c7cb9412

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12ee432fdfa4fb4a10c589fd22530048
SHA1 090c829d31b73186508ee0e923f383ee69e39263
SHA256 49e98c8777a8e468f5b912f3f9ac818606a45bd388e644899a231fb52644cee1
SHA512 72fa534f17083529e06a94b0a698ab7387e0f1c92cf17d54f3a1f2b9c8c2a29f255578f532e380e5f9023f0e3938ed0b190fb7a9473dadddd116ee02e3cbe17f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a1f23d5e7f0c4db2fbd6eb565f43ccb
SHA1 0181c6bfc94aee4f8aacb0980f7f467fb2a8f5dd
SHA256 91d3ff4df1dbcc151bb89c4fa56e9610364fb9dcb9febce5cbfef18113aff2fd
SHA512 5b33aeca3d34aab3c16e102b9efe4f1da68febb408d74bb43ea98d05f6ef12386d6d26c2fd3bb834378d5cf7dafb8aac08563146996d66ca26a5fc20c9e2df95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe94de0b171734a03e9fd9c85cf2c90e
SHA1 f47dfa016775484e8c94065729252979ff2f2a14
SHA256 a09663b0a6700bc02b307441c39e4baa0b4448cbca4ef955067e3404df5ea334
SHA512 1d8f1bd4615e8f5fbc99234e894d21dbaabfe2363eac20cceb103f2ec79362af555320c714597a5c821c093845166b041a59f7c440e7e8974ec30bafeb6361a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8dadfe68a30b453107bb327a4090ddb
SHA1 1dd2f47c52f428baac075f49cc08a463ab081cae
SHA256 bfee7865633a624a1671c518af4167bc028647c5d32837456b043790bcf500b7
SHA512 9bcd5c9e173567bac2a714a2c52c07e11a77d2dde23aa59aa8a2333156386217edd259ac7de05b96f0a31f58f88e83b824db9d5e993d712a25bc657511f5e2e8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\favicon[1].ico

MD5 b939aee911231447cbd2e3ff044b3cce
SHA1 0f79060358bea92b93ded65860ffbc9ecae3dc14
SHA256 f35fe126f90cecbb6addd79308e296e8409dbebf6bc589c31749e67713e9bb3c
SHA512 8053232364d54966f4b8acdf9af61a1366bae09789d6a76b8e723d7c3f96287460248eda12083795766809569527f4821f7e87ca4a644ae900c3df33002c9977

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bl977i7\imagestore.dat

MD5 462194c9111e97e78ea4a7412e2331ed
SHA1 a66ea490b6f804ef975de6c5c8bda28f991455e2
SHA256 2d7cf12100848bb7123f27e84604cb35555a8fc223f44af0e3af21b7a3cdb84d
SHA512 778d5f6ecf3e68687129da23d45da7cb962b8d6f2d4dab609f2749d6b06ef2b394a727e35ff3544e342dfc7e316a75cbd62922fa35e17a229ad3e15549460868

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74f4dccf2cdf729bc9dcaaaf73b400cd
SHA1 482af6758ce9bb49a027f9eb76ed640997a40988
SHA256 13befb9a291721f3dd5f77747f7b9c3f62d3df8403bb715667f4d00ce299bb8b
SHA512 d56318593b931bea2ef11400b1c89f426e8ac04dcc9c568da8c072323f11633280602b0349e96d235c9e74d2d76a90bbb2d4fb522609976da78b9382c81fa0f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d5c7c77992a03046bc1cd7772dbabbd
SHA1 42e2052069b147723e76be6d55a90a5282b1afa7
SHA256 f7dada9fe255009c46ea37bbc64c0f02c00f9c4180d5b5c8e5ddbbca301dfe60
SHA512 7089873a9baaa0037bc34111773dbeb2e11ddc9188a1dd5ced67e3b0557ed78598e84bd000ead6118ac9cdf96c3ab323ae497197ff93cb7153dea0bb3c9db1b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c560f4bc2f2397746b38a69b017dd0b6
SHA1 13ea755d0965107b44dcf4e2c933d572b82beb40
SHA256 532c4cfba2122cdfe3e02e24ebf5000a0246bc9383dcdc60b98128e032e24558
SHA512 b6c13a8adcf13752949caa83ce7226c21756947fe9d231f3ae6ece3d1ba2df1bb463bcac947d45fc8371da39cfab63bac28c71443b140d707d10342ceae861df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92df2b6baf8c2d08f6fed0bc52a1928a
SHA1 f18217648034aa2fadde766c2ebf85f8b8d9ce0b
SHA256 855b5a762d9e070655b0297746a239d071c3f9542026cbb2ec8dd841198109e4
SHA512 212c985fd2153e36b85d7ebb49aad0888968866a770188602c8559028e3037170a8d2d6f6b871f4e3fe9c8c7b41ed1e4e6ffdd274fec6f597f1bdd81fddf1059

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fed67a7baa43ad353b57f5b06dd37695
SHA1 263d8ca7417f1fd40157f2ca723eaa0155aac702
SHA256 637dfc3012e9f01973ae5af2f3fb29aef36de0a5d365b13537d7ca74dac0658c
SHA512 a8a7a2d6d1a3041c3fc21494d95ed3d2b5f1f68acd049ed4c99f76fca85a49535c0768cabf0a48d18314225cfad6efca38d9e6cd17f262120bf66a72425cb34a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e20eb2540ffe9b6a83caa2f94bd4d0a1
SHA1 79ce167291fd9e65a3a5c9d87c7d956e816484d8
SHA256 98e8834dbc47f9446827f97deea045b84374ee209478b60a7ec516317ce802ec
SHA512 98f567aab32194a033c641e51fbcc2e3d6a16ebc5c0614581c9be9e60515eb1c053d14d35bdaf55851415f3c3b759ac1ceae65e55ba60911d8e23cf6c3112a24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65a8bf471ea66bf9f4762f6f984b36d0
SHA1 5214938cbf770b7f779717e242bd6dee9fb3a257
SHA256 de59050317f02617e9a4db05e36d68c11ac8acdc46a2696c3910ab4a9030dcec
SHA512 4cf01a77f2b76205b49017af28c50234b1f10c697234231ed52a3e5e967c1d5e9772b2858104f4f12534cb26835bdb70d8b2c3e1f6d4ff0d236a2305cb9cceaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee7f522836e52996b80d03ca303aee55
SHA1 9af6bc9fd69e148ef5fa414f5720464c37ee02f3
SHA256 3321aff275dd923620ef42efaf5dba2f4f70c1de6a574d896742ee1f68814316
SHA512 775e0a2deb82872766bf8a39ce39da06547d750b75340977061d0af87cef17239410033b225c8595e8c9a756f83dc64df114ff7068c4db10b30f71f8b74d05b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80ff8dc49ebcd27380fa50bddae2e69f
SHA1 f749d546281ede0333fd289764d8ad9dc31334e3
SHA256 5ee976956a35e7cb1ddb99a747e525c633888655608f8750b7f4921ad446b1f4
SHA512 507fe646fd4423fb85a87840d420c8ab3c4e83cf03ef097f0fcce2199195666e792b99ed6f5664b3c61c0f404630966e3acbfc74e5984b5d12e1286c5f43f276

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8363d60f9b9b19d6df8e39d51fbc531b
SHA1 aed2cf24ee07b888eebc243aba64e0ad937eb21f
SHA256 0faf80bd84b4481d1d208bf9d9786895887e27bcc4f5f185a084fa904602fb78
SHA512 5f14a8ce2b72b10761348dfc6d69feabc012f3c9d5b02c0daf2520ce6b817681d52eb909e086cd0954f50506a4b8ca58363c935c912b7e1ca9411e8e640f9903

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e1b3186b6e131c4421dc02e75e56517
SHA1 49ad660972a6d60ba3407531604f42b2ab3bea9e
SHA256 c6dbfe671eafbd16178f278f4169d645b0969929c1bacceda25eabb726f469f2
SHA512 07c5320065915d848863cc35cec360836b319cca6fc3c9504ba95c544e812d25991206383e36297adbeb5129dafeac9f65d2bd007bb940b7bf40858f4a7d6ce3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 550076fca629abceca141c05cd3a47e2
SHA1 3f02ad2f2389ee569705f0f83b9628a9e5a54b7c
SHA256 73b7e4fd6312e7951157d2a373ca63f2f45611ed4188a65b107e11a40949089a
SHA512 06ed0ca35b2d8c741eb416079addf04048247e3eef9db40379131741b74ed13395278ca4bd86211ac4dd5c808341cc8ef635499cd3d78e716e149f17b1fafcf4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 842caa2e1f9aa684c07e5e6b04a3d282
SHA1 4f85b2bed002b4cfdd0ea1dc4d523cf93c1cba5b
SHA256 0e6c68b4c96c4b3910517e2d5dd3da47ee29afe64e4b7d04abe04fd7ce9381a6
SHA512 5484342ba48f6aea596db8c7351a83734b043e447b0bd38779e63b00b96b90e0dd31dd54d2e10a10a26a0f1e870ac083b956584002ebd47aed5a7a2c081c318a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f932d985add90c5ebc13b1cca3ebaaba
SHA1 9401227cbda4127afc7628fb88181f412371c357
SHA256 6602028533c33518d6c58bef2533fd740a6f7d99cafb6b364ec0b40e9620c768
SHA512 0d86bfa5d6ed01cf738a6c8e487396d628a11aa2291cf6cee6d2e1320b7737792dee3a3d5266c97400cab021805973eceaaa8b420316d1d9130902d4e4c4e4c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2c1468cac6fff58a036c50a81d21eac
SHA1 ca56db92a47ff65399a0558d9f54488507ffa759
SHA256 e35254d83f2f1739ad1b9bd573ca273cf7dc1046797bcd0f16ec190dc6b4f962
SHA512 58d24ea84f1532be7040cf5a3fbb22d93d8f0cd6254ba867c72fd959f90bdf943b5260b6a206b767a3b414231987be9fc45b7edaad19bd420d85babf84a254de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 353319b47645072c627df283d40488a1
SHA1 4925af4bf4b60a0db09bfc5ab4d01ce22ee28fe0
SHA256 85e8fe72390387339a85790dbb390a6edaa992b2b3c9d71b392b358e489999a3
SHA512 8e3d25f3c062a00a17198269e521366009e1afc32b016d19b2df6e5eba71695fe8845591ebe9e4e0065bcfc55bcc885910ecbd137ed698d36133dd2dc0ff7483

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms

MD5 49c87651a836e57399fa4fdbc5710160
SHA1 fa71195df448535c6ad15e998310121d59a254c9
SHA256 03c66cba68b127fb45ecf7ac0a03cc43f850464cbfa23f8a04a47a024c5fdbc1
SHA512 9f4e5e56a7de2554966d1c2a33c0ea10d543c12cb84abf0de84bf22c922548ee2e6f8f26a7151432c8382d3e766fcf9c1fba73d57ef567f4c434f0f885e522f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a24cbb15faadec184c6cbfcad9fee6e2
SHA1 c23944f1a8172d020e8c16a8d60d0258a9769b2e
SHA256 0c591a86c2782cf4874ead845042afd1917ff0d82d4129b21c6f1282057e7970
SHA512 21a23ebe2e9ccd8e5675742845ff351bdd22078ad9b48f5a7bf026564dd9f14ef5f71dbf8292de02ed2d87bfe57e3d0df749ea300d7dd868ce31f57e667836e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b30141d2e4ca83fe7f292abd86ee083c
SHA1 3fe1815488ce8d6190d082effed3f2d8f5f84c72
SHA256 60176ff335d6ec463d1f4397764dc126b0a75ec3ac89d3e8c09f17f2cadffd38
SHA512 e1177a850722da8fb2e940f9ed345dada52aed8e94fdf0f8cf372702b65567e75dbd1d782fd0687ca2eba2c5230e093fafb0748688d8f38046d19a92cb88870a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0932960318747267c18e650dc0c848e4
SHA1 76f62335afb86a6c2061e27ce368cb3239311472
SHA256 b3faaba98dfb19a1770177aa62e31b8968582566a7108ea9d548f15396ddd41a
SHA512 499024e4ace9140e76680eb5878ded1a91b0b705572bf17c2cebe408995a8c233fcf96027748f537ec4612223c0920f365c4217f852d6c4358219a167c7e658e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b06afc8027e804680adcc21dad14b5e7
SHA1 fcc0bf2348be7b73dc320fb43817ad9a59086ded
SHA256 da7e537b7b676ea3a3743588441e1534c3efd54b0d2358548ccdf905e83f8c99
SHA512 0e00d51ee6dcb425e36b7f364cb1f54f059bf43d99ccb512a4f1fbd52a8324f19ac7fa67be2b42b617193cea736cdd730c363c2a5120f963943255fe477d3064

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de2801a949087b22236d1c1681bbd6c2
SHA1 6c3012c405f84086ee67c20a0f0573f0bd10f9f7
SHA256 7e7a2a30e06e2a076841180524f31c52eafeb398b1eb8a341026729ea8783841
SHA512 ed7a138d03fea8b3cc826cf71bab79df00cebac8aaa4c28e42c9d3886c45bcb6446ff6224641da6d3cb561bfee9c4da83eb628ea2bfd08d1893ab025131a880f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2f0041220c4906bbbdd3837d6474958
SHA1 d9e0173df428aaf11d7683848e2a57d89974680f
SHA256 70a860b13b4010cc4294291fc2bc8c854b53b22e2c915c2be1dfe05b0901272f
SHA512 3fa1bc6de81277fc48aa8eff87ecbf4e050aa0f5dd381b7dadc7edc8e7b4e6c3de7af2357781dbebfac890cef815b8f75ef125bf8cb4bf1b798d962d3b392ab7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f4f135702a92605e3488e1214479741
SHA1 be43e193515031dabbb1da1b97de4b827cf602bd
SHA256 532978e0c68b1af0685278600d76b62f5fc9307ed926f0940b753ddd29430f13
SHA512 9037e61ef0d4302f49d58af9fd308600d277d501d54881902b275aeced73fbfd1a2e9a00ed2c836da081bc0fe866d22b010a59126a61c7c98b9207c758bf70d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c52bebb5d7ece6f6b6136cad7ec3352
SHA1 edea351f7510f9dadcefff150261135cf5e0867d
SHA256 5ef8f7ef7c60003d8e62475b19f35d19d1be36a995224ad6afecf713174de24c
SHA512 fac2edf8a2129a4c3b8d57f682d5c86601ad7fec4813f46cfb7563020f3d0c53e6fb20472f107290832a1908e03b140a5bbf51f707d0501961bc9375e47f04b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f097fa321ae3cffc3d41aa331d4e82e
SHA1 4911fc022548dd1076c47e6e98dbd10e2af46f1a
SHA256 2ac6dc842ce267bd7e494decc25424bab0cabab8f7473e78c2349f6131994fc0
SHA512 5a48a393d1940574247e55f8b50638e6f4fe3168da30564e85bb8ffb0427b25f03d754426363f649ff66d1cb9721154c35e81ebfe02b342e2f0ed0cef3e58ac8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a490e0cfd18ccfd4c4399c1fb6117074
SHA1 167f9fc8aa1febfba0a54c83109a67b77ef23403
SHA256 5ffddd5559bfe076ac8ed290308902acb34647d2cff334cfe921dd858f336668
SHA512 c3d749868d8a12bf1be7e81b25966dfb7daa9671d1e5e2223325a4f569d8cc17a70af2d173db2449c7dbabb86d590c93e05a469b778d60b153739d088fb646e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95b35d74e1c48141aabae4c47e089558
SHA1 c567dde65eec7bd07d99a537d8dcec9c122da0ab
SHA256 a9da72859815bff65d04c10bd789a3f2c49be1f7686cd1b6fe81c86ccb0c6ddb
SHA512 b840ce7287b30ec83ed4ced2527ef2a5790c57a8143e80a89d421095f48515bd893232e7c0c7a87306e17de78d4660d7641dcdd42eeeea10a245603aad0f7e09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68d6c9d291a71777914fab87f6405435
SHA1 f8591228530ba0f29c403a066c7caebe8094ce9f
SHA256 07e6b22f4e3aa0086df9a540ce70dfa33910bea3d3b3c6ab055deb2f910ce3f4
SHA512 d870c8097a281ba2b54f2a52d82d1f99534e46fc584e8da8a5da9d6d5b64021e291316430366fddbe45316844aa53dcd523ca2df271ae08493de8ba3604cb5d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 534996d0d04a54509558a2ec1210d6d4
SHA1 42b201fe0f8f3b8ddc4298633fb64e4b3f3655d3
SHA256 6598fc4539a38be83e0d67f0420398724f74a00ff695b9019d4dbaf1902decd4
SHA512 872faf302bce49a0e7b582175b7297a57318c837c3c5d334c6ac2ff742e974f7ec547b920e9c0d477abb831c7b15f6a3e3c95730234726e337d958f0286291d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf290a086d7b9d83e491115be763c0ca
SHA1 79f3be76bd92c794084404ccbbfc8bfc36a25c06
SHA256 f211324e59f4c9cba02287ae3e54714cba0536de7d98742361c89f29193e30a1
SHA512 f61575d27b253ef8c054a93656c5e52391b30251528b492252d3e3883ff63ffb65698fd8ea4bcc288ef2b1d0c41cb65ae64d00c74efd7efd490d758098ce6697

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38ca87b8377b4c552c073f01662aa776
SHA1 df8cc2fd58296b105096003a74b11275bdfb388f
SHA256 0acc69fb18c1197b685e122d1e9811feb9e2970090d123522bd21c6f5b6b8464
SHA512 538b376c0fb60e7bd851ae761dd816f26a7243c8f48865f9634789d309c159c5a9a39c5106d6a7bbf329ff5aa95a81d3df0be7b2126bacac1169c3a7355d4122

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8a2868b15fcb30448e2533cfe9a11f4
SHA1 df9a5b0c484ee1267c1a238f736cfabb7ca02c01
SHA256 d5878ff42af255b411468444e8b0fc648a1e1914f1d788f7ca2bb017e9c8488c
SHA512 dbd44820a0c561cb4c3f25c38026da3e71d9631743332af6412be0cc9bb0da9e3fb1722152233533dcaa234c2b1b6ef211272e7529f4c6d055da4c1d2f5a5885

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0815f88d486574790fbc867271b014f
SHA1 48b34f3d128b01313215e88251c36956509ecc01
SHA256 66ce1bec473bd984cab570eb064d442ca441c6215ac797b13cb21ecba38d153b
SHA512 a17539dd439fbefa44e8038a445ad940a6a6f76d8bcf417567d6e9cd91b27f7700592ee0bbb328227f29b3756f20fd15621fb0f51fde0373d3efac7f2d40515d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 718c1ff7560d78e4c236653808f15752
SHA1 22ed07fb86bba2c737d055cfedf961b82a67452b
SHA256 efea3e395966dcf9a112431e4866410a530fcc11fb6ded11e02040773ca34d60
SHA512 524525f59c0b788ba1af52fed2d87dc8b1497a3090f2df5b5d864c84654af64b514a4da9985797c520bc0e421a4d38d49714e80e24ea5bbe20dfab9224a78acc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30a6d646b074c373fade76bcc5befa27
SHA1 5a8842adc0da46ea6fb085b72d0421c72cd30ed0
SHA256 f49425dc589531b6ce567c6f1337810923b373a05f411a62fc74fe2cae099c87
SHA512 858caa073cc24f103ab9e82c9364cf0f2484d1d18ecdd7543455e6d364d215b36f2e666df169b7d91faab5b53e627cab4d9c1aba26cb876874e39ebaecd2361b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2ca8d17575cb56d02de8dc894b586e3
SHA1 b6652de02d4899b5008997f9da00e106eea20b3b
SHA256 2b715bb9623b67e6b0778f6a7e0c6d9596fa7e6913c52a16fd3ae125b1452557
SHA512 2e30f5a30aa3a7d30a46bd1d64d0453d2464fe8b2514c790b5a794ce5126bc0b1aa35a7a269a19fc5e55e6315020e57149002b774393eacc36c8066238d48ce8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bd385abd666daf552f4bc7f135d4b94
SHA1 fab6f6487ac7140f769b8845646bd575da835066
SHA256 c89530a0cd6330b2d2c982bfd0ac2a2c6e7496dc094afe0e2c9a717f1744f5ff
SHA512 9a92f4bad422cd18a8f99850f99479755c7a1c51cae555871b8071e4d4d51f5f3d4bd4ce01e87972f23321319961ba9a9aaf14502da44b6f97bcea5cbe5df6ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4548bc98c00cfd6eab2bce67f44fa15b
SHA1 b2a237605d60a59772e60475363f5d1651e85626
SHA256 9ce036411a26c655e4f74b2117335e8331c404da0fc37ca1842f834ed2a0fb3e
SHA512 7fb10d1eef2535c711dec71d81386a8ab9310bb7a202a81e55745814d7d9631e11086ea28ec7b67dd01e97c3017199b86c34ec0ada2c4df18454c7f35f3f9696

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6afacd70a17f3109b38129b280bb0b63
SHA1 a5131caacec0609f4637b1dcd49680c3c5eed2b0
SHA256 7852135950f9f7cbd957e757b741765bc452054868affab5b8d1584c022188da
SHA512 40d445c2b0de4d2060e475eaa4d9c7394d945676e37417222787454dfe703fbe443f52ff6cdaf96499027feec63eeefdb8d6b7499845390aaec40a985740520b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31db854a7ccacf5a801c73e55ddc5906
SHA1 6e0a31fd2938ba0eec655f15cd275304a309763d
SHA256 e3dbbde8ab3e552b2974c610d65086a5e86e94c21ac4180a525e2169213847bb
SHA512 6a0e2ecaa55ab5d921b3cffbb8f18941c669b9e4bbecb3e0fbdbf590b106ed31fd71db9a0b1ad41c43c99a64e32e1e92529bbb9fcfe2021b09caa93d293e07ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64cc7806c2312f7057818f8428b325cf
SHA1 b59855820baa9dcb969412387879e53fbe4c8afa
SHA256 3063237589134f38c17599694d47c9b8ecb41950ea774234635460e461f855ba
SHA512 e3533bef63e1d40885471ac330466bef61b7614656689856a36939df16309b21d1261f9e856308ed1e1af208374e669d2b096e092a0d55ac759dda7014a60068

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01dbbaf1cd7cf3cf2d6afc511f6081c7
SHA1 c4140b5446e296b7293df72ccebf49713257e16b
SHA256 2d4b3a160708e8798d92a90491c9abd7ec07c233045bb399fd00a8481d08a9f4
SHA512 75a7d2308e911836826926c0a897fd6bac257e690aa3d743c3dfac806048c1069a3c94a5ae45a4570b54540ff25e818dc739058599271a5d034f99579ba39573

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 625cd660dd19440c3f12b9d7b229f01b
SHA1 12e507753fdad45a1db894a4782facbf78dc0de3
SHA256 101dfda6f898dd7b431cf794806c8888a250c618c5d08c9acfc33cd9a4ac96ba
SHA512 17fe076db36499b87790dc2515a56929b9327ea539e2b9a6a0e7ad19a99f9fa6d203e4eb7595fd648b223792bfecda16830ab13215fc06dbc7f9dcd5afdb4396

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48c28eb789a5264990eeb390fba84739
SHA1 9c7f4cc5b10af794f12d163933ccf90663b1b856
SHA256 d31f96661941ac6184aca3bedf2c180f3fa1391bfefde895b9330111f4778424
SHA512 c711b28a0c34d07e35f75799988af3e777d6971188472632c97ff5df79d6a8b2a893e4df1330332157b8c20632d1202a4f79c1cd374bd74e2cfd6060201fe8f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35c7146a521d3424ed0e79266c97b4dd
SHA1 1e066ea18c15338900453c7186eec43475c1c235
SHA256 a2d35a2ec29d7ce3684730354091fc2fa11dd96764adaadd5eadd1f6800f58ba
SHA512 aa68fb67b9e95c1176003a3d7c3e8881f78dde074c4a939784b32b585e4264565c61488a9f1304ac5627859cfc6995b75d94a6dcb7f00171f340817cd7146f3c

memory/4812-7417-0x000007FEF5950000-0x000007FEF598A000-memory.dmp

memory/4812-7454-0x000007FEF5950000-0x000007FEF598A000-memory.dmp

memory/4916-7468-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4812-7469-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4916-7487-0x000007FEF5950000-0x000007FEF598A000-memory.dmp

memory/4812-7488-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4400-7489-0x000007FEF5950000-0x000007FEF598A000-memory.dmp

memory/4916-7494-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4400-7493-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4812-7495-0x000007FEF5950000-0x000007FEF598A000-memory.dmp

memory/3908-7496-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\dnserror[1]

MD5 73c70b34b5f8f158d38a94b9d7766515
SHA1 e9eaa065bd6585a1b176e13615fd7e6ef96230a9
SHA256 3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4
SHA512 927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\NewErrorPageTemplate[1]

MD5 cdf81e591d9cbfb47a7f97a2bcdb70b9
SHA1 8f12010dfaacdecad77b70a3e781c707cf328496
SHA256 204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd
SHA512 977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\errorPageStrings[1]

MD5 e3e4a98353f119b80b323302f26b78fa
SHA1 20ee35a370cdd3a8a7d04b506410300fd0a6a864
SHA256 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
SHA512 d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\httpErrorPagesScripts[1]

MD5 3f57b781cb3ef114dd0b665151571b7b
SHA1 ce6a63f996df3a1cccb81720e21204b825e0238c
SHA256 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
SHA512 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

memory/4812-7515-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4916-7514-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 047516672ce7c51a0c91a6da53b02652
SHA1 11d7b90e14c0c350d18cb50900d94112757720e4
SHA256 9cca0a198a67334413001b12a99fb34aefc0fc4e8386e6f97609aed178c56272
SHA512 1e661998ba61c2c9a4e2420d9ec8db2a00fd047ee0312a1c0761407939869b20ded52ff378299301f4f249a9df53411be923c93f207033ff710170bd34a0a9ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 549bc530292b2f817d14b5954dd3c46d
SHA1 31372e5cd0fc4d8f40b2eddaa79caec9f3751910
SHA256 8fc948af1fe29267b1fab456ebcf58efdc207087e78f69553b24f8b5b9989e2f
SHA512 7498e28f7e2e0a8b0e54929115a8d57a17c39861683d76f4322f1bf3334ebe0290dafe672180bb102b61ae9fa0d0bac118ae850dd5196deb48ff512f4e887b18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46e7755038f017f32ca791fbf46d6eb0
SHA1 3988aca2b08d19cf3c96c041a922c76f3c8e68c0
SHA256 87fe084c31ba075a6194186bbc728e58712099ea2779cc8a6a19ee4030f485be
SHA512 ed7c0533d49b9f2e77edaa4de4e098942a7e6167fccd66553ee9ce64c4884c1ff4c421b43afe22a6ee55ce854c0372519049149d0c67ad96e8bcd20f5c1ed5fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74ad7babb8196ae7419eb6ea78f14fbd
SHA1 fb757682ba4f344a84856b33e94439a3540658da
SHA256 a5ac2725dcf7091b3157aabe779b0e7ce24ff9df60f4c6f1aa248492d9883154
SHA512 74db84d5055d95bd3d4f17e182cc6e80e8733f59e9d97e3cb2a7a09f5247f3dc5778c77d85bdd6d1df02bd10c60c9afdeade31130f6c6f11833b11557a660f53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa19ed68cfb0632187886b928a4c75ea
SHA1 f0d66928fcaa8cab9c8e0f415263088b56136ded
SHA256 f9f0a997db1b1e92a63f901808bb2d09be6842a1634c2154b1d5ab4635a1adf5
SHA512 3e51ff9d52d16077a6023d6cfc6667303f3560938e2f1fcb18d766464c24cabc25c271094262f7ad7f4a36ced5f008a8b079e9908cbc68b87140c338d1848c6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5d2dbed99f50f5ecf10014ecae11dde
SHA1 58c7a7135a0c2032bfa7a273d76c2e6e9f4d979a
SHA256 04dcae372c31e09a2aaac6779dc85cc09181a35e28ca815b1520e4340f55be10
SHA512 f0c047cf756e978c83af026e2d6cffdc18ca34a22ccfe9d4ef0797d28d15473e7bd7b625b78966cc2b715389d0a4c5b7a8bb012d14aca2b6ee27b43360ca0f3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a56fa987806afa556d227cbb05a1b26
SHA1 13241244c08fe9d24f5ba91cc13713c75c41b92b
SHA256 359104ef63ae24f04c3e37de8a5b5a72d961377c3ae4efbc28901ac00bb509dd
SHA512 663b402efdf070479e2bbe594f5d7bb85e4f14b206b6346c7ddf920aafcd4782cb258fa4c8bcc107a01208a7950ca28ada6a93426f862b76dc46e30c5df5d186

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3efb94ac079ddbdbbd55676dab556790
SHA1 9d889f141a4ac065557c46eea95329185783336c
SHA256 0555bfc5749291f96bc75b5ddfefb4e4889de9bd1ad019e04d2d9c283e03441f
SHA512 6b378219fc5d8b2b24e33c7bb466aeb7c40fa9bf1ceb6d044ed77064ebe0748d57fedd5ea01411a0f7f8e159d14ce61adc0f4c2f1600b89d410deb8caad22975

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba260e89a3c2a6e34df10f52bb1f6673
SHA1 64f42fe45b0a618b7b1d0130cfa76be6819cf311
SHA256 a8a81c523e273e96178cfdc2c3dd680f5f4d70aa3fa2c4320c517e544b81d1ad
SHA512 b016c19280403dc9babdc7e79158e5cab2a19e8a23d3c9e5a9f347f66366f2cf4be3f241a97453eedcfa87817f6fdcb67f03cdf2d65552db59b351ebda9f5624

memory/4916-7972-0x000007FEF5950000-0x000007FEF598A000-memory.dmp

memory/4812-7973-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4400-7974-0x000007FEF5950000-0x000007FEF598A000-memory.dmp

memory/4916-8002-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4400-8001-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4812-8008-0x000007FEF5950000-0x000007FEF598A000-memory.dmp

memory/3908-8009-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4916-8073-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/3908-8072-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4812-8071-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4400-8070-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4908-8074-0x000007FEF5730000-0x000007FEF576A000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03b17895dce4a586a22b2bbc96585393
SHA1 b2f069cb1235a61fcc9af43cde16df0b38636c1d
SHA256 e24dfb03fa5073626c622771a9a7c3f347d86bb137cc4e50c1e21a9290932f06
SHA512 d3e7ca5d65efe25e4a1b4977b7ac8c2bc03d6dd87fcea351ec7ece4a1160c574373379dede0f52c7537dc79e86f9e3e7c3fb1aeafa29a7be60241e8bf7c91b78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32387f093d04bf99221c3aab224af429
SHA1 e15ef57cbeb06d8780c2a4723c80f7aa8e9939fb
SHA256 8487046501ea054fe1d2cd961f12da2bc572a0278f13373661aa6a1f87805b9a
SHA512 b1589f9a11afd8e7a3908a9762cc7d26afbd9e10cfb992ed2c2d7383945fd67c931aca9ef92b2102e0f2ee7cd8378071be7d3901b023c92066afcd84eba6193f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6bfa9efe21f36085b8c1f348e8877b83
SHA1 49a0c8bcc8f632a8b0aea09cf46b9d48f9272ee1
SHA256 62ca55c92f92bc2b978616373ba9867481d9238e7aa79589e95b9a3b86259c5a
SHA512 7b3eb34a85ecc5e59bc29dd698e8de1e44f6a566ac3f67a761f24151f750bd6dbd9d58f2a1d59407ba0822e301d14fcc7c344ef8d03d6f9fa8cb5859e4168430

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b710563a8993e28037838fe023013d07
SHA1 dc70b27dfd1391e29ad384df104c19d3cf9b15cf
SHA256 2a9f566f9b3b680d7d81939f55afe7f313496a6410de724b8404031104506d4a
SHA512 be2b0171658094bfd1dba905d5cfcdf4021937f5e6ad32a134b00d050107f91c1eda7e839a2f1b83d734602cffb115203b3d2d229458133bae1807081bf8fe5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 282a30d99cd41f7bc6971f14d0a6284d
SHA1 50d2b9bd57eb6d9ca591377dfa6e7d85782811e8
SHA256 22a5bd4720d3895e0e584394231837152be918b3bdf09fca0a957940b0e16b05
SHA512 32d507a25b4d04d91dec037a8516d26fffb863f349c22e443b6273ef69a30ddb4ce649ee7112bb29b4ad5703f5a8ad79d474432259755029c93690f44e3d36e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cdacd5f1e58f728b5c78c73699d25ba2
SHA1 8c74ebca9d62900a62af38189c5576154692c5f9
SHA256 158c78d1149b71f3dc75be280e0f3565b173e2f04d01e0e1055c5f2ebe8cd918
SHA512 5e023f61ddc6f8f20bed2a945eed3b37a295dffeb3dae2238712ba92c4f7b152d32358dcf0ccde7d688ad3a1f0460cf0082fdbd8e19850dae93c6d3bf9179be3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f518748b0e9a6b3c15f1f87aaf55938
SHA1 60a8a8ff59262e7ddf92a460c23d668bcdcb9ae9
SHA256 d835febe7863741dde312f822ba65541fa287f26b343968a9705c1854f35b9e9
SHA512 708cb7c7be65b87da6ee0bdab820c91f7350f9f12ef9cce53dea0fd1577c8465beaa5904a477e3b4d2579cb6135246f42e0530b7c61a1d03606189b8cbe3fa06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 115b1b9686cff4594d54912d687a9225
SHA1 ca6235787cbe34f670911b3ccc0f470c7f5e2343
SHA256 965cda739e40b1990e7fd71b499b426edc5a5eb1690c8da5f231bf1bf0b8a50d
SHA512 c1bb75e73fcd1e3079e81ec90c6f3143e0d1206dcb03890c82a1c1a7ab3d866f5ed7a29793edb6fde93bc3bc5923eba691f4975fd7057f0536dc64907bb6f465

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89b0b39b16a850418e73d778f181d5be
SHA1 c0cbe9556c22454627e4e2ed800643e843ab9d61
SHA256 9f8ebc4e70a58cbb8049e6885787afc670909a60bc57c12a7e544281ccc12f37
SHA512 afdb43b3f3775919dabbcbc8a4a4ca760c9bb20f130483fecf29b3c6a1487887c11132dd86ea6619b434f869ad8430f2f0a83fbdc119fa4ded919e8eed97ba31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca6ad2815ac4fafb3bfd9ce7370a7640
SHA1 275e5ac81e8267bbad5ce569621e4cb617b73256
SHA256 d9740d0e66b16ab3b7278dde05f50bc8a0206463ecdbdcb14cbf4afe2a51c2ab
SHA512 953ad38de589c9812ba53552b1c155d09b606d2f7d3846410cffaa71d2a8743c7b6126abd1275024205d5f1d15084c89e6fa05fa1eef3c2fa60403a30b04878b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b22a76ed9f4fec714c68f0e7e8ab9af
SHA1 6e60298eca7d362c0487165f56e8f179d4887c30
SHA256 00d4b7dd70f21d935d63c896789a363ac1a69a04da3a7a52533989d213223391
SHA512 88194411da67ee07766d87bb5e716f144dc200f2d977614943196439e82ce1bb4653525f21acc960fdae95ba5d0a73e8246ded1bf5e02ab3429bb83e7228657a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 331c37604ccb9d540e2cc231a802127d
SHA1 ea05e00d5fc4cc5295fccf286e1597b0d2c6bfe9
SHA256 f26dcaca96726c13a45a75373173368ac4fc8790b53f9207fd575c6ecc17e487
SHA512 78a8339e5d96ef71103c66a59f3a63a91a59faaed95b69dd720b84a987c07e8ff25d29a4d7effdbd2338550323c3df67b167bd2c566b3352f8a8f00510e9f2ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e93f465824b32e1bd5f0631b446f10c4
SHA1 67cf362d6b6b18c0acbfe91b39d0782b341c16f1
SHA256 9223a91816aea4c0b9f483dd6304cec1d88261257f456cc62991085e465fdc78
SHA512 d84d1832455dc3b1f6d6f603b7bc7434509d75c12ee29a1e493ec3b151cdd0ed6737225ae5d0a17afa19d3c8440a7b473b73eee8733f38de48b80d72ec8f3ae0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a9c193be78d9cec07fd4dc04c2e467a
SHA1 9479a31d9728d87d280eaba709bac9b9efe4ed69
SHA256 aa1374460a7ef33c7ad6d701dd52f58f009c375f6b5a7660ca6ef81657dd5757
SHA512 8d881ce0730c122668bdc415b49036d6a00d2b5563d9dc3dcc9c81dfe8bec985741160e95d3c5ee665871def9cdb6463a34e65840b207c7c98e18ff5e14f5440

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 759dbbefc2dd8507d4ecfef587d107f0
SHA1 6b0a63a75564545d950b6591500e8861522d61a7
SHA256 766dec02b88a6a455872fc865c4db56886e9318f5daa6aed8fb06bb6c32a8981
SHA512 77b808aba5c6298b86c9641d9756dc6a9d0985e55bc852d1ac61c9a191ae83aebde1f0f28b2ad6343139d8f8d4f0ca627ee5ce8ee870acc5185bb1abf4361bd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 993b5c5c6638568e4101142168463a4e
SHA1 ac2c3f6272a2aa428d293b29c966e6a1e65245af
SHA256 b30c0ef18e7a357535e65322ba49075dcc6d3aff08ac6d6c56ecb69162771fe1
SHA512 165bf708b58f3f3c76f0d5ff2f1e31d72e005c738ed17f8bfa1e657db8de063f12bf40a30b74102f50471afd9ffc232ee0d6888e420f2f425139b59658d39286

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 888ddedfd2fb1508ec3e8a5207d92371
SHA1 b9360d0d385ecfd604d71159130278e4d721fa50
SHA256 3cfcc4940d380745dc46e4527019ef3cf56ad1559021aa6f850b72a85dbd13cd
SHA512 02f46e7fa8609c85feb1f9dab216ee331a42a8d13a0d6993f393eb3e82d2c7b8e95ca748e1b664c39ca06fe6234c377f3c4f31a10e88500c393cd5eeea497b05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b5ada66bec370a18027367138e15151
SHA1 575eb228409795780aa589d923df13dca3ed6ad2
SHA256 e2e073fe701a2b3ecd23b4c0e2b24c7d38c8376227c4f77c497cb3699364e121
SHA512 1ac985e4f7c1130c354a659b6f67b4bfa0bd7bd65d6fcfc330c73f6d086a9b9e21362bc73c38adc353ac9529b4927ee7c67201ecde83860b55f12bc63ae1d971

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c66b1a0946fa9fa337a459f7c5eabaa8
SHA1 1d1bf1c6e2226570ec4be3b807700fd076f9a44e
SHA256 f67cff9b1068d40004439f7512a55871f62c6d29f7b58664cf34b584d540746f
SHA512 8128cdd6136d7956815c6502b8ba88b1c0f84e5a268a65fb5700a9a6031e42195e8415d02446a71be3faccb76787249f380c10168798b962a24eb0b12f7d8906

memory/4400-9489-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/3908-9492-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4812-9491-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4916-9494-0x000007FEF6AF0000-0x000007FEF6B2A000-memory.dmp

memory/4908-9495-0x000007FEF5730000-0x000007FEF576A000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b92b01f7cf1c172e340cd403bf787537
SHA1 c62d24cb1138841a67896ab34ad8b1c22c2e3b29
SHA256 cc513d56d5c1d2e7bf68e17e97bc31724763a10e7ee7fd1eede038bbedff6787
SHA512 7a5d8b4b581113e1170549eda744ed59610a9d4c2790d1893a9cb0227aaaf51a04ad31ee2a43c72dabde557aa2d3bae8d051e71a9639a2a107e799243f2ad96f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2db6d2930537c09a467748fe640bb26e
SHA1 8ac3eb04a05ada4bf53479ff8dee1359ebe9d346
SHA256 c88d9f3665b678a79948224df8e121fe0bf24c19785fda061a657b47164ad760
SHA512 ffc9dff64a11c30775077cfc2341365bedae4d719641c2ee0edd8f447eaddd2161d9630ae2b44d747fa6d4a12a9f224072c2d2287f0d73f7e631f62c91118022

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca37f9246e1c03f33d00062d8f3c6229
SHA1 504561d7420e15f1271a3e5f5ee2f39e31a719f0
SHA256 793a9ed0553ba038ab20ec72bbb5f91ea020f7d9e9ddd2855adea2f2bc124608
SHA512 b8385f8c1a49a0e23c81a518845a6ab75e913d4dc3d36eaf0b58bd9f40e6be7a90db6daff4f771d378795b38c392c4a2d99a320306bdd6316144c7d0840104a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e7bb2cf292e292cbfa7aa405aa891f0
SHA1 783d0142b5173b266b88cd18db3001f4aa579a4a
SHA256 b6315029b6739161cfdb3ff2826f4fcaa99f290a0a1d3d51b89bc909a9bcc531
SHA512 6ed6fcee08bec8fabe84956b05557c6e5bad8123050d7cc3df1ba580c613d4975efb0677027b59f9056689e3da5b6195eb66975334e924644fe377225b2bcfd7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afac3cade053d9739ab8ae0576307f16
SHA1 e3c1504913c96ac826ce72c91bd74682114c081a
SHA256 501f6cd565951e2003aaf55b3dcdd53bb5384f750b9b60320ee7eb3ce907b463
SHA512 8586fbae5fe647ab88731846a53236f25fa96f3fd8230096cc20226ae0d82399f21afdbec13cf8d789b8e497924f0e1200da854d65a5c12389b58f0eb62dee7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1b1c9c9a350a663429b1a11b33b8220
SHA1 d8781ee95fa91122bb53cff393b20cd55f11b329
SHA256 478fcf3cbd39ead3f194007f7ec74b159c903b6fb79a31a883ae4e6ebdb61538
SHA512 21ab777007aec0bcdf465f76088e77f53cbbdd4ab12fb7882d07a2bafb063cfe6da881355a16ad2a470ca659d71c89ea2c62adf3654d7373eb44393e8c48283e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 503ac2258ac3f6f00c35920de0a0184b
SHA1 1f07bae49d89e3e7ded9c430a80429ca837f2fd3
SHA256 cc893e1c46d850bf12c5027bd1ebab7ce081dfeaf4fe5d95098ac660d1c577ac
SHA512 32f975b148a37ab3a46f4f525803a3a97816e65923fdcabc7c0eeec24226b43551139ed6419e78bc48c5352db7cb230394fc40bd1ce5bfa6debf89c888071891

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e90fb807b725c27c859b74e3089672dc
SHA1 789599e6f170ce64459cfb27b9e5cc4ea0a7adb9
SHA256 9ae88c3562c5f0f094184ec7e21c0244ddff9bb96a3f17d5bbb231ddfd9d138f
SHA512 b6ffd934c40da1f1c3598f1912c591ea27e9de2c4dbce00900a80df32d37ed4ca33c0bb04275da474886244a9ae527f941c4a0f5447018b06e7d83773f2127d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f29afe1b7f2fb58d26974fcd31da2de2
SHA1 7827f553dab5c27b1d1784618ef3f4f217433a3e
SHA256 a4b6902b571a02315d6a6f0eb121fe5f660961343bbaf4cd12bb515423c4e77d
SHA512 eecff721f3b50ebbdb8f5794e442ddb9f87f5df86bbe16161957ddbd4d3c1562b6087d5deb19c309c88d076200cdf01e54c2e3e9bc2391bccf50a1cbc556a1c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dea1723e52c1ba90c4644f03bf103648
SHA1 57ec159bb7e8e4617408d039c9ea4a2528f28ec9
SHA256 5749e71589bdf60745a79f6ae30dbbc83a4e9392c342da777d8997178316dad1
SHA512 d7363b29a4e54121a3909f86e79eef0f64a19144f49ff06da65c1f15c3ca1e3336a0c2a8a7c307b4cfbadbee970be87943ca54ab606dc245fb18e0857f526ecb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74cf1426c125ce2b299c04b6aa00997d
SHA1 e33fc4916d24ac94babcc651af4ddcad1b42bd26
SHA256 88bc042b7cedba7c91f43e7cd306c307f4065ec60ee0ab4c7569239ad7195fee
SHA512 1121fb1343bc10ca46c77349b727290e7a2a7ca9e1b8eff433c2621ecbb8ef79829b06ef75ef6b5128000a3e54bd35dc78e2ea76d2585da92d6e27a9d4bec4d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be9b28469c333be61ea3d617e8a4c7c4
SHA1 ed75a755e1a7f47e26dcd17009c1050311b70b0c
SHA256 6fa5d422dbe65b9b32528f2248571eb407ea30f6bca55ed1275e8d97ed46b837
SHA512 27045d4a8239929694de5d2d0b366efcdad671b882bc4a6ff5c84608bd0e420757b742c6ec548eeecb96652991bfd6db9e273b5b4140ccedce52c215517385f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a56da807ad854919cf3860623171129
SHA1 4001cd2c7c622ff5f150c85f87c78fa613478c8c
SHA256 455160c08da42b66a1a5d1c9c967fe188419298207e83d519351478e61606928
SHA512 d3de64f6732869df19990ea71b7e55eb839d1824ab72508ac3707ad0601b885578505ad5971adec02dab88e614ce32a7780b272d9afb386a2298c26dbcb1571b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c143c439734d2845ee2c68627918e77a
SHA1 aa3759bdf46f49335b6e3bc0501f85a3dcdf7aa5
SHA256 145c323fbe59229b92dc8c592085c49afc9b1a21d3e6dcb3ac4b27ee715a0776
SHA512 e7573003017db513808010d36aec1107e051e8cc7e39ca175cb08947de39e72434edd391fa16b008aa53354aecccc41f7fff5ea0ddb624f50696f477728763ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 873a433422351538be6861a91e8e3c84
SHA1 dc109e61c7be8e46f0c64aa99c5bb3c861d1f7ab
SHA256 41698dff173a16fa284fd95aeecda93b04c299e60f789d70a227e43ea02e1357
SHA512 143bf2d859eb7861848377925ade9a2c5e64543487535cf58ef6f94ff6e0ab72a87f62283fea039f9112e95abed6b71c64afe5ffe644e306aee23cf2269834ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6abf18aa8624066a7e62f5473b4618e0
SHA1 fccd21b72a8227f0cf6146c9d91d2fa9ada54a73
SHA256 6e2d3fb5dbf2033bc22b49d1a4084e4fdc7f8f7e177a4d906d05232e384462a3
SHA512 372b65031d0b0fbadc1115ccba48a79830ee0a09aa540916663666fe684942d231b6fe1e279a846ea33b345681ce3e0d54b220b762ca4a80b79265fcfe450027

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8dd005b1336d5940d362f06c88fced9
SHA1 462dce6f4d405e13765932a6d31de177de24662b
SHA256 1c9d4afcbdc877b31000014bef697e9af113a46adf7b2f154324e8ee8a72c803
SHA512 9bc518b940ca04119711b0c20694d2036df61cab9c4effa12ec60926400970bf51b402de6c51095cab21026aebcb904112cde66abfee5308c988102d2c4c3cff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 882bbae3508cf965e347cb6b152ec24b
SHA1 a636b2e33d8c2d677bc27a8edbaebd4318f25f3e
SHA256 4f9476e1e31301ce133767a2c7e427e296a67d768c7ee8e857704e72e7ea8e3f
SHA512 00d047ee5272cb39f8691bc97464bce63028b56db25953bad6b0089764bc9b21df038374b43e6ebbecb94b0d1627807519a5823861a8b21aca6bb4f46e461f47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b8650e090961ef1c593ec839980b2c9
SHA1 0dd63117a47074efec53a565c22e1c54550c6c80
SHA256 a8e9ad036d7029ea677bf5ed9f751b821ca4e92683ac068caa63e8741567bbe8
SHA512 8e3a89e08d32fe8f2428692e014667b9c271c573ec0ac567990511b65b72952093e660477d487c30e5543ff869c2f90bd84c9c1199e88b52a4173d6de9f9a59e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8371dbd78d68eda93fa9a160f085c442
SHA1 43d0758f641a9d4148ef508b17d5368842c91968
SHA256 fce651e391a92a8e02fa1488075cf54a9f9862c0fda0d9d437b6be8456827332
SHA512 88b365b664eb160bf35d29ffd51891497f5d50b66efbf357e5a560bc488296aa81249eb48516d7754f3891204fca20f8a29a7241f257e4c152b88acfcc08e85e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 443c2f0551671a03a01240334d148490
SHA1 a74cafddd91e194e31e8e493f86f4e1329841d68
SHA256 dcf65facc8320167f3c14de96bd1197ab9091c2def40aa4d1e1fc5133fe8e213
SHA512 53073c6160c26686775d610d5f085637e1d7dc8aaab2de8886d30570d1e0e575c40246c42b2fce19018813552d935b03045fe7d4d48c0ddd32cab05d0aee41c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c256f3459f46231a9213d27a84ec77c3
SHA1 8712b4ed04641ae44b88abcda8de3cb1e5c80acc
SHA256 c5b0a5f5e3cc45e8f3918482a7f6e72d35dcc93b0ef06307054d6f6c2a80c29e
SHA512 353fccd67da4167bbb80ba80752605102f8affaa026956663100ac3e87f76878ad7050b91a57be8d49d901f508da65a1e7fd821d51cb292f535801419638f266

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f710fe82b3893fcfe5d8a6fdd3399d92
SHA1 20f03c73719496629ec0a8da23472be6e5df6d1a
SHA256 2bad0fb9c991f66c50a6a752d521f431c9aa448deb4543c4ba005aed47665930
SHA512 8fcf62be3a688610da86edf775824f84e22a15775e9971a8724a0561a35c4483cb465d19b0f769bc59d4a4771f28ecff8b676215e6b3a4fc5702fbfaaab4ad56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e40c779bf3ae99c1fb470df17e71bb5
SHA1 551ee6adb9db046f14087da072f284df006d277c
SHA256 f6322afd86f0d2131541ef9a074c60ff07a78574108dad1d680d5449b2a89420
SHA512 c5037e90e40ec6e683a13bd5878cd5a41b9de3272160559f0c0cb67e73c122efccebb220d54c61cb3c069155f2fe1396b14aac0c9a3b9552230a3086cbad4bbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ec861af340accfd9d030575279a0ef1
SHA1 ab86dfa4d5c8bba0acbae4babb1c8b010a03a1cd
SHA256 e5c89a930cfa93be39cea0e63410309b3bd342252fcc6694ce909d2c733e7ed8
SHA512 19c60a98fbe91687d339bb81e055a4908ccb926f389388697178fd395531802915248f13b2ded337b0404a782c4fe09b89a5cc836bcd869641e5990a0096b410

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edb0bedb3a6e5c7abbbd80a8c2566fb5
SHA1 b356f7fa8ba61f4926ed978062192bdeddc84aa4
SHA256 b123bd91864866a242e10e32f90266e53873d39524e277f3fe779c0fa6bb0113
SHA512 af2311f2de2d09efb48b5c9e5104ab21ee68bd6f3b17ca45c1bd58efbaf592b3781ea320852fefd79b461ee7fde44ca28a0b6bb5c8b30ff0ce223c41b083e713

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c83a05251c0ac384efde036a518b117e
SHA1 34b58e4f4354c0431522965e6ecf4411eec48ff7
SHA256 4d0fc3b298f07d02cf99fc1fd3fab0dc387354eb512590508634d29e50ea2ff8
SHA512 ac2d9e9f8033c67529233d37fb992d791fac2d193af7cca3ff5c5312fe898e13ce2896f66a1cfde43b428c06b52291caf5214d7fb055897dc675a961718a6e81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8df76f5efbd84dca9d862cb2e0a34de
SHA1 43d12a86faad2f584c42de01dd0d7deed2a166b0
SHA256 cd32b28ebdc305bcbb5467aaf0f316c8a6ae6e11314267ca5a82094d3f4d8772
SHA512 a7c2873872ade7cf0a9638d0940215aa20ae663ed5bbeb601c1a08ba23758a7658ecac67d9e6d047c27311d4f8a48dcaa3d4fbbd9b34ac4070aded01de661a0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6b87f39097f6702265816d5dd961099
SHA1 3d96ae8af5e6719d6a6a51f46d2afbbc01ef2c95
SHA256 07b0f5fcb879c0b15bf5a6eb81bc2ba60b74d703a9c8c2bf7787770ce8d6b9f4
SHA512 578e487583db2113e0603e2cd04e3cac0400f4d055cfdd3114ed4d4f41061812aac8d023daaafb4fdf0cc46bbe54a457ae37c53af93384196c39502939fa4e0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 159a7ee3609a27cd0436ea5c61dcb21e
SHA1 21bf06a1707552af5bd6039703efd73edfe1b4d3
SHA256 41eca23057f64a346b5921d63093100239901292e58c36a06e0af538cc907dfe
SHA512 b18b9a2b1a3f8fd53ab30e2ed672d90b49ac4bade40d56a03035ebb5f0a35499bbe29f99ed530f0eb8d9baf8b7f534cb073d6f5374b91d7baec5ec702bc05d37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d356e1afd5b99ee617b9797967987ccc
SHA1 994c562fd2ac8a03520c8e0bdf4898d687fb04b2
SHA256 71d8abc4be67bdb30370d9d128b1d00a6f5fd0c77e19bc68105e4dae0e349dc7
SHA512 0d8635a25a526ea95908febced36e1ed9dcda8fef24966962a9040a405b5a43afb4c64bd50950eb71a6e06db446abddf9651a987767244fa048995fe7603c0b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b152b7802e754d98b5d9126037d451de
SHA1 f7caee21d807326a5b878c69564cd5ff2cced7d9
SHA256 46fec21db503bf251fba96b46572422e07f6e3f19d71069b01028f867e6aeb28
SHA512 991c1f9ff7e8d8da38bfd408b3950fa877535f9d225b074ba6d9aa6342cce285469cf0995b8bbdd9a0cb4e7f52f5c851d8ca2b9de510b0f2224237c27ea0eb5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8b3bd0d3cd6e2cb4f9cb12b81b38def
SHA1 ed9845600a8f4d70f68adbdeadd8e1bc2cdddbc3
SHA256 dae6bec326f8c2dd8b776e367fec4f3f3d3666a20e89e00bdf87dcb10cafaf1d
SHA512 d72e0acb9660f099be86b4320065e2e4d43b23c1147da488cdcf1208f7af3ca5393879e5fec6abda456cd12f52831ff6fcb30d1fce229cade09e7df985d711f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed20f996dbeb09e5a3b9449b9d4c9a81
SHA1 1b0b4c8ab33f5be56dffed78a1e3b11ba93b4e9b
SHA256 c277f032257a36ec6370e31be63d4f92c422292576b1e908c8cd360916613338
SHA512 a88baba6dfb491a46a63b264cffe0452296e08d18dc49edeff26dc7c02685c657415992681d0824c552f6ba6c996f268b1f1fab56c471828d92351d337a0a681

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f56e0084f1594726ad99201982f5584
SHA1 f677e6c3b6c24e83ed76b76bc59c938bf0ff60f3
SHA256 91be960ffb73ce0778aa894970d5b0b881ddde70c7235afe4368272e04f3036c
SHA512 69ffba5fc3f4a92838a5a2785e44e5efae47d077ab44ced7b05249fe3e34c82d696612d415da07d489cefe39dff0ab84f245033779d34d6487de4db96d709e6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 111b23d7d1d1f3c409a77a1197c85ad5
SHA1 a47dd9374941c8609c24dbe0ace57bb337457a8a
SHA256 9a3a38dfc316501984c44c32231b685dc9a75d9e93cbd9aae98005f67ac33480
SHA512 0872d3894dbbb7320852ebc2d08f71320ec3d8c856cc5d99428dee57c69a20d402e3d65d1b6c6c9c2591df4b56cefded192e2c2b60872517c2ab566bf8a3f636

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92d802ea538f128a3ab12a3dc7c4d3fa
SHA1 e584c72003a58ff9f5994f2fc3c0bf17c0a15517
SHA256 a9e274075bac897fb868e8841b7fadc5bc9a15fcf53665a8f89b00bc83f08239
SHA512 49a8e252e31f6041d763d757b49b56fc82ce4b8fa68c75ed5fd137e3cd5ecd75f00b21c1d43cad3727b6131f7c14937b733d504c04768e5f4faa4c25db3ae4b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9468680d44f318d2bf76721dbf1e7495
SHA1 cf80fb92b8032a34c80e6fad197201b64fcef4be
SHA256 20e7a33266c6c7f4a2963229cb3b420380b6a7726b55926a03f716aac71575a3
SHA512 b2dca8584497b38e25452d11b0355595b49cb4140caee650e529c5f8158c3b0e54a2cb8c302f794d3267043593872a74f3bb521eee1d7f4245c306a6b55babd9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0026db88e10909a164d60f5ca882e4a4
SHA1 12c0da72d79ccad946a1f3ae108fab25b0ed1c77
SHA256 b03cb9eb60277a3315275de662353a29f755d113e2d6e7d1ab9e3b0bf0863913
SHA512 2704e457833485123dac95f42d1bc28d71dca734d4b5c6bb9553160c78b8046449e8de79c33daaefd88abf31b71daf798d70bd9dc3e1e7b79a896e8bdefcf9e1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\gtm[1].js

MD5 5ad0eb18bd1b9b1093e533cb0158c50f
SHA1 63d0b777e4ba19349af0c885537dada8c33d1a0d
SHA256 88bf843c583f86fe8bef8fc0fa71ffa9f55750546afa132531d98e95010ffc05
SHA512 a2e89c01f04a898c777126a4bfe60397eb189972f64aee4c4c14f445935375e9217f857e8976e09cf02a9d567f8961cd451fc0a385bd3a90eada3a7469996724

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\js[1].js

MD5 ee8601e9846ba18cec6e8813975d2d27
SHA1 9fbd7969d633d99f4914113997f17b95f63abbd7
SHA256 0572d7fc211143c265544ecf3f79f381ce9bb443de6b965059fa44c0a3adc034
SHA512 c62f47aa783c9ac6570090e87017bc1405b81f131bff00ee2130191dc56666ac4488728c8849067a1e52b8ab7687b0ccfa0fbe0a50e1dbdddd264e8b08b446c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c463d968e8e103a14ac4832ffb37ff9d
SHA1 db8bf43d2ca59fed2d68559d3d1893fdda47a0e0
SHA256 754bdf6509cac323c51e0cb678101b6caf67ec76c02838e7d8a6e86f173b2219
SHA512 8957769f0d93716425e1fe8d8b7bdf7718b4e7310a40c9827666e1d9a61285b39f29b07a95c7840f0e7316ab38b64b7b4c7e340c4fb659f9086ceb4c0a63546c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83782310c8a529f436bd14a989b04c04
SHA1 33720e56acb497b001b2e64164ac34a331ddd67f
SHA256 2c32a29373e0c4f32c4636f54707a8f6ef7ea354f0f568dd84c1bbce2f2a1a29
SHA512 f2f60183a669b03290780899ebab7ec6c19177a9141a1a5e2473c78b3a666035de852028156a4dead559130b28cc143180f4d58f1fad7fbf137cc29348f1bc6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 017bf5cb8d1ec2b11c596dca6621ffa8
SHA1 aba55a605f18476e3748a00ecd1da175d3b4e70a
SHA256 823c38e13f7ded322bc8794bfbdbca5964f4effdc7729b329765d67d3bce7f7f
SHA512 d8e7be693896aea02b34c6f5a2be2970477d65c7235586fbce0c9edc062c7bb3f6f34f0e8219621ced8519edf1d51f23ac45a09864c39211a98c1f68751d1784

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 398e50a0c747b0d97cafa4476e6b900f
SHA1 83618e37f1d574293c93965100a4b67ee1f87e89
SHA256 716dd0c81ad025137804b271eaf302e436cd5997279b2beece149678c9b09796
SHA512 d4362c8e023b8f7b4736e154e6c1a3829bd2c5a3b0d8fe21bc37238f2a9da9a0af19f3c0a7a363915b49246e16546147c30cbc5d71c553d5647a4691f30a63ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f071d66f78cf8cf8ee89479f6976533
SHA1 dda4f9b9fefc3f56a18aaabdc1c2a462acc41f04
SHA256 6739ca4cd2a9581db7cfbb590d18643ab94bd45d783a306355168e6ae177e2e3
SHA512 53073052a1b7697b57d565c38fe4bc040eb3f42488ad325daaaf2ef99434293c7eec3286d607b1184e5b37b3658fa41f95e3b2ac79461c0b9df90761d81f7d5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee30048d68c2ec42b63e1ac3f3ee100f
SHA1 b774c1a43c8fd5d7cfcf7f286b0298db7fb85582
SHA256 bf1fd7237bbae24a1ee0c33ba6fa21b37ac94eb8606213c2be8ee49504c96ad7
SHA512 32dcc260458090baac2a757874b0950578023abb72211519c6e1ef3db249ff54a575e6f3ccd4382bbe3ec670708e27cf454fe8e56339b72304ca5f15f0cc14a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a87b569eca5641418d92679c3608231e
SHA1 53b268fdd53622c05af531b8a18c730d2708fff4
SHA256 f524eeac4b0c9f65380675307f034d3d401e703a29e3829bd70c63220a6e8f22
SHA512 2c5eb24590d99ae476886809dc66c6ce9623be8e8bc6123b4f2b8db5f56031ebdcadce19c1bd3f2596fb329dfb55f56cfdfc636dafdd5f272f6e39a7e40c606d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf7290991839716a82ab53c405c89b59
SHA1 b5edffdb9f999609c5f635cb54de419f4e876641
SHA256 5262f9bdffe63fc9daaa83f4f883c9ad565ae711f87bdc4ace2214d55f360f0b
SHA512 dae6f6a915080bcca1cf331beac9eb9d5ad63d50946f18007364a4ee79739f255c55ab006e1ea5b8997c7f217ef51c1d686ac723deaf39a35af4754b0481f7ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e129e99036a6271f45ca3809e02e561
SHA1 ec4d06a0ae86af825366348eaaea9523761af141
SHA256 82b3bff5d5528a6d45db1fcb63c9fb8f5215328c8f324c5a1f770973c5e7fb19
SHA512 ac8188538b6358f2f8f4047f3077d9c14285439cc33d9a6ac5578ac36b0cd0e13abdfd334d27acf9acee575712131a5185a2417c05689a3568c89de671fbc2cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 283692fccc25d48c1bf71f4987564cbd
SHA1 e7a85f7652dbe246fa2c13c32bac9ee44b2971d6
SHA256 aab293e7954861947780b91e42a0d341b3299db3cc4f9ac670fd7f02766c0441
SHA512 da109a9ca95cc32f120680761e3c669dee71d304f49063f15efdc2e519767a38502bab3ff62401f632ff55c4b82ec6bea4b8d1686603d8ffbb739cf8dc8d473c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b87906b19ed3b28d31f09a13c28894a8
SHA1 c521f3703a4ae5c332ccf2fff3c90a4b55a0fe67
SHA256 1db10cbfd4afeb26830239f0faf089798e5de0b242fcccd2be97f00e81f1c568
SHA512 348bbe9828d205f3161d6ffb7d1e9d8dc9820b59770e8dfcfe893218f8f91949ef32945dcb01729f360a695c394e32a906f564daed4f6568d5eb603169a9f657

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85e67cdb6b66c3681eb1f93aa00ef703
SHA1 acae6b32ee4b5431628c9e3401b5a4203345ab42
SHA256 ed303655960efacda84f7c034e04dabebf97cb7e54471f903c74caf733f951e8
SHA512 431d134905e97fce762b19a314ddf6f0edc119f3bbaaaae95ec8debd03483058b522b8b6e9482e4651f9d5f27c550a8135ffc02eb8cbd41ff8b7416d97c28965

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2eadda2be053907251c3608c8e76eee2
SHA1 35d9fdd25feb5ebd03750365d708cb72d2dc7516
SHA256 9a4af590f4e16b95abaa4bf0b8580da036895c5495ce7a5537117fb2db35ac84
SHA512 4c11ca05dc57b332e4dbbd2cae8a3be28ea468183766d3a75b62f48c9082a4bb16fc9a1d90e1b189295aff2a67836cb1c6b3037a08c4c5532e0aae8d525c8ebf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ccca8c355fba4b3c794c52504b670aa
SHA1 dd90818b5eeb4f05b171ec000a030d42cd562774
SHA256 64b373751859802a1f8a02a56ca70eba3742005aa95800a263cd137b2e21646d
SHA512 80e0b4168ca2b8427892d0137364472f455716aa8564e6b1d8c3713e93481b0f17d9b81d46ea2086d8a5de81413cd17525b115aca4de9ee188a88d80af900979

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c24e901480df1766add23969c492c82d
SHA1 1e1e90d4647f3d7e11c0372912f106d75ed5edf9
SHA256 3c8297ad581b6e897f0ce75c2b5b46d1bb460c7bc2827ac04239e20086deee87
SHA512 a157b1d4b945e475c03604ae61d4d1df3a6f69d71f5210433f45377df1d72c8ca22526e75942060835404916ced59b0913a2470430d7276bb991c9749ea67401

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a2eaf5ccd0ea0cc6ccaf1051b750803
SHA1 8c96964d0b1e73c872d1cde830ea3690278c6925
SHA256 2f62fb42ce68fe358c3a0b54c02068f893080377d010873def2f8b411d00b287
SHA512 34e6c326d1749c80035a56123b956995fc3170e1564b1f3faf77849a660c180b4b32003b09dba80ec2b588dac1a2315c5fe6d0eca858fbe982fe19347fd067fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4d3c7985d011b3ed7e0480406e2b6bb
SHA1 a320c07cf9a01ff8aacfb650bed1f5c898caa3aa
SHA256 51b3dd205a40bc1e4931c929e743805a31ff8d25ec6a0850738d22c4cf311a4c
SHA512 476a57dea1069fe59830594335a55a5d05b674e6b16788d434c4e0bded442800e3b2d2e177310d43cbeb149639ee9f3ea5dd7161b237654f293e044d6eb044f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0245c7dab21ddb52e2c6f7c7c7154ed
SHA1 18a86a2c2cec997d1482ae6509e45eefb59267bf
SHA256 62ad74739b891c06d5444568e512f7a64aed1020c32f2af3ea276b13b35d7054
SHA512 ef128d322f33b03ea89ce286a5ddf0184e57a18b368d7d09c1be9c7237bdd502645788da269198abb330802b4c8ab4245fd0843df67b824d428f7ec61e4e8dd7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80f730a01ef29643763019fce5ec3804
SHA1 d7af0c3d9d96f2c0a08b84cdc25714977f2c6595
SHA256 0e275bd1d9ec44b0ef0fc73640913d1526ed5ea17f028bd9d4b74628aa610a19
SHA512 fefd8abbf43fa3d3d2f06696c3466033bc772bf1d43c20e7ee3ba56af2f1f36eec6b494787185305b22aae072e2b2149b570b4613bd9dd80daa9d492ac42b879

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28a83150308821245696f9487c88e155
SHA1 c845f4d22c891e80e6e36090f8ce782b816ade5d
SHA256 9a869de7ee716a9bbb37a5cd2a09ada0d5f998a5c3b4638efb0dd86a9a4872e5
SHA512 1a2420f06f1f26f827f1e807317aeb6b80d4b40fd84d9e4759c2c7df0e1d01bd3e11954d1776c737ae2abe182f30a73a8ef9ce6b950e6fd175bb94c7ccc15d71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d29ec86ad3108f9f2720c12a626a8107
SHA1 ccce1f0b02226507649b1da78e7079137e49ca32
SHA256 d989308a861e7c93322d501fc43afa067222665757ba90d2dc671dc92add5445
SHA512 0c0a2794a9525087d4462764a914dda616760b61404a9b5b846786aff96760bd90a19449cdaf3613682bc5f2419a5b158fb6fce404dd4b552d586872d3f62b61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5abde35e6723699174b1c1bb120c76d5
SHA1 ac954fdc454ed183e0efd82eadcb3ff22bf16cbf
SHA256 d5d9797696efd749cb5d2459d6eebe2f414eeb8fadc1e07c57b1e6ed82e9012a
SHA512 7be0176ec5d0f5e2edb8dfe2ac72bafbe4cf316ec296766da866f4d0fc626cbbea96ba30086c351280106ef5dbff9f90470b9e0a4ece13dd0f9dcae7fcf2325c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84dc763bec2a83153d035c1da5797777
SHA1 99309655fc6895214c57549e0a2b56f1c7aafe08
SHA256 8e940f122511d3c610d1af6427f5a20b66377a82731bff5f9e14217deabc14ac
SHA512 2356994c16314a4f6549c3186488ee03619131a10b0ed40e25078b6ed3e89b4ebb0a4f68b180ca8ee469281e07dd1b5e4e1f31589018c9085ee3d564a176761c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14f6960e1f838d7f18bdbf0384e2b670
SHA1 66651aaacde7cd58e6b01cc78a1f3038a6c35d1d
SHA256 4c713ff08d8a47139b2f64bebc7baf9c734870603847c87428a347fd050fac3d
SHA512 8fd06bbfc61f37ae05116ce01a3442f347c5882d5cd3addc7e92599d47f37cc55e5941d66e129f47bfd1a516044e8578258a854b249314e21a9cd1b127777f27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2717ddeba5f71911feda8413966dd7b
SHA1 3647462054ac8e5c7febd38c5ec2fb02a67e2519
SHA256 5e2468d56797d32e94462ef7df9abdc2f7cf470ffecfe2128e8097fb209e1604
SHA512 999286544fb8f0efbcad3b907a92be245cea8104c8afbb271637e97821f91b56b74ede36344afe8d08e6867ac4d777f61c29559c41ed137c2358d93fb28834c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6b6a8c1e09f90b753ef37f4382fc738
SHA1 98b573c886e588672c2c72aeb6d0c06b781ee2bc
SHA256 268ae89b3d2f59db1893516e8e9183f81d96e300ed11f28eccf5c3c245eb7acc
SHA512 e6db8c152988390068e5b06661670d62314f8cd48e64ea0b738908b0b9963bd51f1087536fc699168225521e3e56cbe7fc45ee73e8552a73fe2dcc21f090dded

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ec4f0237eb384dc6e11b266bf325ded
SHA1 a309818740215cdfa8d87bbaccce851ef3fa9b9b
SHA256 7b60e52e578c82be14e74942be8db7725f6d679045a81ba11af7b5405897bf6c
SHA512 0eec4c22e141f83d5c9b8f6ac2a9cdebb057599cf0f0b33025820badb0a41a7beb43f6e3394fa1add22c6e88e0c4e8962a1d4e69c0fbb7eefa5886de4e401acc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a23585b94e0cd9a22455e908a928b121
SHA1 c9eeca73fcef1b17fc43c18205e3f52a266608ca
SHA256 7b199539d35987fa6b0890ba79108e235c34fd04556edc1a84940d2b819d3a44
SHA512 b8ba3ad5253d4044be36c22b73d3e5f81cb94561abec8624131f9f698d16c7087eac12775adbb9ce49832e23e925a584a59f98bd67ec71785713fdb39bf3ff89

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1588a85735ff49bbe85b3a472fe96a2
SHA1 1f0065b7ba363daeb6d4bb12aa473cbfa91dbfe1
SHA256 96d078c544f884b8e477345d625d5ba5e74cdf294a48392c47cef9476aed8204
SHA512 b1560ea61c453891353d7b5d6b20992f4294d1d5f7045ed26a788105fbc15a42efeac6f2808755c0f837e20b6027dde27b56bea5d4d331d65212de441a982e05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a513d72b2025e19bbafc8c8486497a7
SHA1 6732e127ddac9ab86010cda090a2eb3f4f782e3c
SHA256 dd3579ca356a2b1d78e92a3eccf2b6ab1e4a6fef5b0abbda4b946164bf60e266
SHA512 a33e36970d4371f71ece20f81ac250a7dd84066a79f4ffae0fe3df1812bf6914cbfe54f64a7488a731aa7e653ee715a45dc574cbc6c7c3b977e4666403f5a76b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55d5fbc1579362af2feb1ca446527fd0
SHA1 5bc457ea099dc1f9671202e781c845b5f97f77bb
SHA256 6c530368e94080b61b8176ce19f6ff155f9aa97f37c3dbdf2b7e5b627ec8d350
SHA512 b2fb064c147af938934109a5de9142f7075ca89116c7e189ed825533600cf675a5ea7707669c7d61fd7909d207365cdb8d55e3fc95b7334381b972c63c5a8867

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a604a1729d523cc1d0bdc0c3ca227ecf
SHA1 001a074988319de3a7d84da97c2ba0f73aeb3c58
SHA256 2349b99d4a0a1dad9d88729b54bb646b602a730f13d55e3fb0673364f57d9c04
SHA512 e0fc5a2cf145800b4513b49a41f35972bf544c2958cb7ca58e3a9c031fe7954623acf6c16a690e7b7058ff64398f4faed83e512a3e225ff523d94e53efd88121

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c3202426f7bd6fbb9f1411966c5c8c2
SHA1 d47b15c466d2e45294abc938598ec8202fdec542
SHA256 f4752e173fa6abcf8805d13954b66d16e60fdcfe502673e4dac99220119c5977
SHA512 2a95c5bd2cdfb6bb93f2568590679855023c45494a192a2eaa2b2f9c4afa0c419b31c0a6e6f8d4e2b5ee906acab10969927cdb77961b034594b7cbdb6632cdc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7a3de3ab2a9e3e2929f5abb7460cd49
SHA1 58f6413df394d37b0d14ed6a26e8591524bbb00e
SHA256 2ef67a18876a0c699cfb69fb037a894d85eadddfe6fb2a6fa01619f904f13e82
SHA512 a93dc2e1eec04d489614d08fdfe750cff8d1d233861e89767fd23bfc6f80bec0b6a36321d7f00013f11f4a9a2d1e9d8fc24e36e4cfb4dd909dc0eb57e56b68d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc9186dfe48f6b0cd01e04a9035d0dd3
SHA1 e96733c4e2d2f8052d869532e7305b60b933aa58
SHA256 b5a58713ff781b43a7be3fbaf43ea32542661c81955993c7e2264902add9a84a
SHA512 33549d3366fef14dbe896a45c8c87d970452fde63c53fba4c0f23f8c4cc15db5af97cc6de502bc8527fae9247978a94a7c284743aee154990eb8189e3236e2ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3dd211ff1fd772ab577853f682360a80
SHA1 1a5da50547ebb00fe23e186ea31335c707c56b5f
SHA256 eb6b447ec063e3723351e430b56822a8103b849401dee0137e94568261b236a9
SHA512 1f36082626dd6334d7343fa04ead8a07cc3a37a4ee0fd0d543eb94ffbf508ed91d60259988a9edc52e95b6dbe51575e748f6864ce21dce6fc06d88900b24b7ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a7f3bd8f2b64150a594fdcfee6f6969
SHA1 0a153ee06762d202560c6c121bd0406fb8da57d8
SHA256 01c0043b21eab496b4e8e25d361e1ba3732080350ca3beef0ae8ee38ce76932a
SHA512 9c9f9a0b6bf0114ecbc696c72c3f63cd7d6a2bfe12e7a135972d6c66ed57ded54ba05052f4c71223fa813333fb2312aeace4371fcc9260bb7979bf70e84fa9db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7587df5ae0b4f10d32f84051323d2250
SHA1 baaed49965a8e925ea7a6b45c4e01ea7afafdb41
SHA256 1eaf1fbc0978ae49a85062b716df467695eec26806927cd7c77e8fa1a32b869e
SHA512 abbefb1e3c6b2f608f7a049232a660488eca5ecb063df949e2d123a3d3e8b3a22b10020480ccb86b0b3eb4eabb355dfba7c95e3c9ce719d7316fd4a59b245975

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76f940abe548299103e679fffa17c581
SHA1 b3a47d80effc90885ac793bc625f2abed2c1736a
SHA256 ad323fb2e021758ac2c993da3917bfa303136232b079182d131ba9cc2677740c
SHA512 7ccc47a366b96dd2ab68f1832e6e87d6fc1718f57471e9a7e8111f508abffe875734faf809241d838e7a406ef2ca553a5e667245b5b968acf9696db626c5ccb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 987d3a481503ace61a94370cb4413d72
SHA1 a4f73057bdbaf6997c0bdc5a51f9aef8bdddf782
SHA256 7efd406550d44350e3129c7c985635172ea2179d6239c416ef7ac18837ba1fa7
SHA512 bc82e04eecd8fd114103814dba7279faaf0c3cde3e172c4858cafe4f8dd1de63d556e5d7cdcac0e900811ecfa9df0015ab4bd6ed560d4cb7ac6e8107bcc49dcb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a18a0340a22644bbc71ab91ba177502
SHA1 d9a6cc04c9de58cf186b7d4dc13588e4dcc4ff2e
SHA256 ffb7ee476d521a9ed8195e09cc3c9cd6dda773fc126f611cc6400291b510de64
SHA512 717bce758cb914188ec515c73103f6d71e5e9e93f79348c55f065bcba8a98ec3b67e1a0d5e0966cf0ce4e098a50b12a2291407cbfda0e75bc4db4877a09bdf28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be87e7d3f1d04f9ada328b5783b40143
SHA1 09f1d1bb91607525b4049f6fbbae1fd7e7af3935
SHA256 fa749b503f009b1b7c371fb824c76889179d4635552a2295fab2255c8eed7a3d
SHA512 719fcf6ebb0fdd6ff7e5847d5ab36f3495f9bbe2a764ac8d29de7b8659dd6d14db826f55f2dc2316ec92c0c5c329306fe510a9efe4785d3fc051c745c4351da1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59f12b25c5f29385f86b471b620ea00e
SHA1 63c458aebe950384970c067dcdad1a4b20e05cb1
SHA256 037710aa16e122da96b68b282b4043339b28e986149964b8a9305a2d6d760123
SHA512 aaec31497adad22709d267d09ca72d8c7dc63b56f07f6bbd2e5ed6c61b81694234156347175df99e8a42b90ec9bbc0914d006fe47c5793fefe30a00a4d0a862f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9adc8bfec954349abe6906e25080153f
SHA1 d985487eafd8906b431985fb7d5fc5f39d6f9071
SHA256 8f13500fcdc57e84aea60d2803a4e682edd6e054a2b45ffa5e257cb720ef8407
SHA512 da81aa443ad56ef19b10200eb8d65f1ddf88c2ab0e0440ba3c42f5621076cee228c8b2e5c92e0dbcd67ae3f4066ccc9ca0fa037d3d2a0c7448ab3d6898355b4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79b725615403882b214c4e623b4fee0f
SHA1 5a0fb68935f5830e7b29b21e60c1fbf369ecd41e
SHA256 bf2148d2af5de18cb17b7fad467166f166f555e8eeae5c99223da56321e8aa10
SHA512 03398ec204005b071f5c89f335965e839b12ac679727bf7e0a37bcad6126b881017c29cccad312527abc1c83a5138c39b9e058c9f6256850ec583572e444f407

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f487fe72538822e489115bbea3c2b7f
SHA1 7e10ef726df2b3e1d7a3566be6c2ddd9178f93a1
SHA256 782699c0d7fb13fe7cecc4b6a033d65a9eee7370e553a2bc908c183e351e0e13
SHA512 97276e6c5163ac5b2a25570f2db48f52c027f53e77dcede8df05d783d5ca17c3e80952625d93adeeb76093c3935b5a1e6653fb4db2424648239438d636caedb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f19713755951fe0b96da787ab10c6c37
SHA1 d80a17be73aa67c3af3db8de5a748fa6b5289ada
SHA256 5e4b4459b9a7dc4fb71e8584d09f73d720f0d107c6d06f5394a059ea9a678db4
SHA512 7d836ab09223a09c3f51fcc122914d3b5146b8aff1f84aa018a34e63a57a49c5a3109f589451db2f254e550819295c3755f3c28193e215d582ae0c1ef8fa1e4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcc46f9bf259f2b955bba4ce3308b229
SHA1 40e2cbf3b7c20a6263027cf1a5dd8337ace1ce9b
SHA256 3bf4178bb3d3d2166578a2d42593b095dbe4ca42a6564d30dd955a16ca7a9d57
SHA512 0483393661f29613aa0dc85e716a1371aefe5f3ebfd1567e6eccf7766e1d90e95932f5eb1dada2bdf58101254c2a3fa051a8a7792f6eeacae4a451a1c1a886e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 416b7a0bfc6669b00c809900349bc003
SHA1 6e95e357f58926faa116249b9bd6cea492ee61c7
SHA256 1bd66f9035ea847baeab1ea8d5b15c7e42f63dc816d6b4e02250342a4be43057
SHA512 b2c0dc4364cf4f41b05a0c6ae706cf02429d29998637be5297c5c6bb1694255ff95b3bf6bae04eff22908fe456308127abe414d06b82de07cc8b9cb4b4ca5508

Analysis: behavioral21

Detonation Overview

Submitted

2024-12-14 20:44

Reported

2024-12-14 20:51

Platform

android-x64-20240624-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A